Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Identifying and Quantifying Trade-offs in Multi-Stakeholder Risk Evaluation with Applications to the Data Protection Impact Assessment of the GDPR

Majid Mollaeefar, Silvio Ranise

TL;DR

The paper tackles multi-stakeholder cyber risk management under GDPR DPIA by formulating the Multi-Stakeholder Risk Minimization Problem (MSRMP) as a decidable multi-objective optimization that seeks Pareto-optimal subsets of controls across threats. It defines risk residues and mitigation mappings, and presents two approaches to define stakeholder impacts: an initial subjective method and a less subjective, protection-goal-based method using normalized threat criticality, enabling more objective trade-offs. A Java prototype demonstrates automated instance definition and Pareto solution discovery, validated on a DPIA-running example and extended with scalable strategies (e.g., turning the problem into a reduced space via $x_T=1-m(T)$ and solving a Sum Subset Problem variant). Experimental results indicate substantial search-space reductions and improved scalability when interleaving feasibility and optimization tasks, supporting practical application to GDPR-compliant DPIA scenarios. The work contributes a formal MSRMP framework, methods to instantiate it with data protection goals, and empirical evidence of viability for guiding multi-stakeholder risk-management decisions in privacy- and security-critical settings.

Abstract

Cybersecurity risk management consists of several steps including the selection of appropriate controls to minimize risks. This is a difficult task that requires to search through all possible subsets of a set of available controls and identify those that minimize the risks of all stakeholders. Since stakeholders may have different perceptions of the risks (especially when considering the impact of threats), conflicting goals may arise that require to find the best possible trade-offs among the various needs. In this work, we propose a quantitative and (semi)automated approach to solve this problem based on the well-known notion of Pareto optimality. For validation, we show how a prototype tool based on our approach can assist in the Data Protection Impact Assessment mandated by the General Data Protection Regulation on a simplified but realistic use case scenario. We also evaluate the scalability of the approach by conducting an experimental evaluation with the prototype with encouraging results.

Identifying and Quantifying Trade-offs in Multi-Stakeholder Risk Evaluation with Applications to the Data Protection Impact Assessment of the GDPR

TL;DR

The paper tackles multi-stakeholder cyber risk management under GDPR DPIA by formulating the Multi-Stakeholder Risk Minimization Problem (MSRMP) as a decidable multi-objective optimization that seeks Pareto-optimal subsets of controls across threats. It defines risk residues and mitigation mappings, and presents two approaches to define stakeholder impacts: an initial subjective method and a less subjective, protection-goal-based method using normalized threat criticality, enabling more objective trade-offs. A Java prototype demonstrates automated instance definition and Pareto solution discovery, validated on a DPIA-running example and extended with scalable strategies (e.g., turning the problem into a reduced space via and solving a Sum Subset Problem variant). Experimental results indicate substantial search-space reductions and improved scalability when interleaving feasibility and optimization tasks, supporting practical application to GDPR-compliant DPIA scenarios. The work contributes a formal MSRMP framework, methods to instantiate it with data protection goals, and empirical evidence of viability for guiding multi-stakeholder risk-management decisions in privacy- and security-critical settings.

Abstract

Cybersecurity risk management consists of several steps including the selection of appropriate controls to minimize risks. This is a difficult task that requires to search through all possible subsets of a set of available controls and identify those that minimize the risks of all stakeholders. Since stakeholders may have different perceptions of the risks (especially when considering the impact of threats), conflicting goals may arise that require to find the best possible trade-offs among the various needs. In this work, we propose a quantitative and (semi)automated approach to solve this problem based on the well-known notion of Pareto optimality. For validation, we show how a prototype tool based on our approach can assist in the Data Protection Impact Assessment mandated by the General Data Protection Regulation on a simplified but realistic use case scenario. We also evaluate the scalability of the approach by conducting an experimental evaluation with the prototype with encouraging results.
Paper Structure (16 sections, 11 equations, 4 figures, 7 tables)

This paper contains 16 sections, 11 equations, 4 figures, 7 tables.

Table of Contents

  1. Introduction
  2. Plan of the paper
  3. Multi-Stakeholder Risk Minimization Problem (MSRMP)
  4. Running Example: An Application of the GDPR's DPIA
  5. Problem Formalization
  6. Defining Instances of the MSRMP
  7. Defining Impacts Levels According to Stakeholders: A First Attempt
  8. A Less Subjective Definition of Impact Levels
  9. Implementation and Experimental Evaluation
  10. Applying the Prototype Tool on the Running Example
  11. Experimental Results
  12. Test 1: upfront computation of feasible solutions
  13. Test 2: interleaving the computation of feasible and optimal solutions
  14. Discussion on experiments
  15. Related Work
  16. ...and 1 more sections

Figures (4)

  • Figure 1: Overview on the main stakeholders in the scenario and their interaction with the system's components.
  • Figure 2: The solution points.
  • Figure 3: Architecture of the implemented tool
  • Figure 4: All feasible solutions (i.e., the search space) in the running example scenario.