1 of 35

Analyzing Risk Level from ROI and VOI for Robust Data Privacy using Fuzzy Inference System


Hello!

I am Rabab Khan Rongon


Abstract


Synergistic Approach

Context

  • Data privacy is increasingly critical due to rising cyber threats and data breaches.

  • Organizations face challenges in balancing investments in data protection with benefits.

Research Focus

  • Proposes a framework that integrates ROI and VOI within a Fuzzy Inference System (FIS) to assess data privacy risks.


Analyzing ROI

  • Return on Investment (ROI)

Financial Justification:

    • A positive ROI indicates that the investment is financially viable, contributing to the overall profitability of the organization.

    • Prioritization: When prioritizing investments based on ROI, businesses should focus on measures that provide the highest economic returns relative to their costs. This is particularly important for optimizing budget allocations, ensuring that each dollar spent on data protection contributes to the company's bottom line.


Analyzing VOI

  • Value of Information (VOI)

Financial Justification:

    • The financial justification for VOI lies in its ability to highlight the potential losses or inefficiencies that could occur if critical information is compromised.

    • Even if a data protection measure has a lower ROI, its protection of highly valuable information (as assessed by VOI) can justify the investment.

    • Prioritization: VOI-driven prioritization ensures that data protection strategies align with the strategic importance of the information, helping to prevent significant non-financial losses, such as reputational damage or operational disruptions.


Balancing ROI and VOI:

  • ROI provides a financial lens, while VOI emphasizes the strategic and operational value of information.

  • Together, they ensure that data protection investments are both economically sound and strategically aligned with the organization’s priorities.

  • This balance helps organizations optimize their data privacy strategies by ensuring that they invest in areas that not only generate financial returns but also protect the most valuable assets.


Combining ROI, VOL, and Fuzzy Logic

  • The research integrates ROI and VOI analysis with fuzzy logic.
  • This approach maximizes security while minimizing investment risks.
  • This combination provides a nuanced evaluation of data protection strategies.

  • It helps stakeholders allocate resources more efficiently and choose cost-effective security measures.


Literature Review


Syed et al. (2016)

  • What They Did: Developed a comprehensive data protection model focusing on data classification, access control, and encryption.

  • Significance: Their work provides a solid foundation for understanding the multifaceted nature of data protection in organizations.

  • Importance: While the model is comprehensive, it lacks a focus on the economic aspects, leaving room for further research on cost optimization.


Chen and Wang (2018)

  • What They Did: Introduced a risk-based approach to data protection, incorporating threat modeling and vulnerability assessment.

  • Significance: This approach added valuable insights into identifying and prioritizing data protection needs through risk assessment.

  • Importance: Their model lacked a mechanism for optimizing resource allocation, highlighting the need for further research on economic efficiency in data protection.


Lee et al. (2019)

  • What They Did: Proposed a fuzzy logic-based model for evaluating information security investments, considering both quantitative and qualitative factors.

  • Significance: Brought together both numerical and non-numerical data in a fuzzy logic framework to better evaluate security investments.

  • Impact: Although the model made strides in balancing quantitative and qualitative factors, it did not explicitly address the VOI, suggesting room for further integration in future research.


Research Methodology


Architecture of FIS Model


Scatter plot of the relationship of ROI and VOI with Risk Level


Big concept

The Universe of Discourse (UOD) defines the range of possible values for input and output variables in a fuzzy logic system.


Why Define UOD?

  • Context and Scope: By defining the UOD, you establish the context and scope within which your fuzzy logic system operates.

  • Linguistic Variables and Fuzzy Sets: The UOD allows you to interpret and quantify linguistic variables (e.g., "low," "medium," "high") and their associated fuzzy sets.

  • Effective Analysis: It helps in developing data protection strategies that can adapt to uncertainties and complexities inherent in quantum computing environments.


Variables in the Current Research

  • Volatility of Investment
  • Return on Investment
  • Risk Level

UOD Values for Each Variable

  • UOD for ROI: Captures the full range of potential financial returns from security investments, from no return (0%) to maximum return (20%).

  • UOD for VOL: Represents the variability in investment returns, from no volatility (0%) to high volatility (10%).

  • UOD for Risk Level: Indicates the level of risk from very low (1) to very high (10).


Membership functions are used in fuzzy logic to define how each point in the input space is mapped to a degree of membership between 0 and 1.


Why Define Membership Functions?

  • Quantification of Uncertainty: MFs allow you to quantify and reason about uncertainties in data protection strategies.

  • Informed Decision-Making: They enable informed decision-making and risk assessment by providing a framework to interpret and analyze data.

  • Boundaries for Variables: MFs establish clear boundaries within which linguistic terms operate, facilitating the interpretation of values in fuzzy logic analysis.


Ranges of Variables in MF

Return on Investment

  • Low: Defined over the range [1, 7]
  • Medium: Defined over the range [6, 14]
  • High: Defined over the range [7, 20]

Value of Information

  • Low: Defined over the range [0, 4]
  • Medium: Defined over the range [4, 7]
  • High: Defined over the range [7, 10]

Risk Level

  • Very Low: Defined over the range [1, 3]
  • Low: Defined over the range [2, 5]
  • Medium: Defined over the range [4, 7]
  • High: Defined over the range [6, 9]
  • Very High: Defined over the range [8, 10]

Mathematical Representation of ROI

  •  


Mathematical Representation of VOI

  •  


Mathematical Representation of Risk Level (Output):

  •  


Design of Fuzzy Knowledge-based Rules

ROI / VOI  | Low VOI       | Medium VOI  | High VOI
Low ROI    | Medium Risk   | High Risk   | Very High Risk
Medium ROI | Low Risk      | Medium Risk | High Risk
High ROI   | Very Low Risk | Low Risk    | Medium Risk

TABLE I: Fuzzy knowledge base rules matrix

Rules

  • IF ROI is Low AND VOI is Low THEN Risk Level is Very High
  • IF ROI is Low AND VOI is Medium THEN Risk Level is Very High
  • IF ROI is Low AND VOI is High THEN Risk Level is Very High
  • IF ROI is Medium AND VOI is Low THEN Risk Level is Medium
  • IF ROI is Medium AND VOI is Medium THEN Risk Level is High
  • IF ROI is Medium AND VOI is High THEN Risk Level is Very High
  • IF ROI is High AND VOI is Low THEN Risk Level is Very Low
  • IF ROI is High AND VOI is Medium THEN Risk Level is Low
  • IF ROI is High AND VOI is High THEN Risk Level is Medium


Fuzzy Inference Engine Model

  • Fuzzy inference is the technique of applying fuzzy logic to map a given input to an output.
  • The mapping then serves as a foundation for judgment calls and the identification of trends.
  • This study follows the Mamdani fuzzy inference system. Mamdani fuzzy inference was first used to develop a control system by combining a collection of linguistic control rules gathered from skilled human operators.
  • The Mamdani system uses the center of gravity method for defuzzification.
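
The model built up over the preceding slides (term ranges, the nine listed rules, Mamdani inference with center-of-gravity defuzzification), as an added example that is not part of the original deck. The slides do not give the membership function shapes, so triangles peaking at the midpoint of each range are assumed; the function names are illustrative and the crisp outputs need not match the results table.

```python
# Term ranges from the "Ranges of Variable in MF" slide. The triangular shape,
# peaking at the midpoint of each range, is an assumption (not on the slides).
ROI = {"Low": (1, 7), "Medium": (6, 14), "High": (7, 20)}
VOI = {"Low": (0, 4), "Medium": (4, 7), "High": (7, 10)}
RISK = {"Very Low": (1, 3), "Low": (2, 5), "Medium": (4, 7),
        "High": (6, 9), "Very High": (8, 10)}

# The nine IF-THEN rules as listed on the "Rules" slide: (ROI, VOI) -> Risk.
RULES = {("Low", "Low"): "Very High", ("Low", "Medium"): "Very High",
         ("Low", "High"): "Very High", ("Medium", "Low"): "Medium",
         ("Medium", "Medium"): "High", ("Medium", "High"): "Very High",
         ("High", "Low"): "Very Low", ("High", "Medium"): "Low",
         ("High", "High"): "Medium"}


def tri(x, lo, hi):
    """Membership of x in a triangle on [lo, hi] with its peak at the midpoint."""
    mid = (lo + hi) / 2
    if x <= lo or x >= hi:
        return 0.0
    return (x - lo) / (mid - lo) if x <= mid else (hi - x) / (hi - mid)


def fired_rules(roi, voi):
    """Strength per output term: AND is min, rules sharing a term merge by max."""
    strength = {}
    for (r_term, v_term), out in RULES.items():
        w = min(tri(roi, *ROI[r_term]), tri(voi, *VOI[v_term]))
        if w > 0:
            strength[out] = max(strength.get(out, 0.0), w)
    return strength


def risk_level(roi, voi, steps=900):
    """Crisp risk on 1..10 by center of gravity; None when no rule fires."""
    strength = fired_rules(roi, voi)
    num = den = 0.0
    for i in range(steps + 1):
        y = 1 + 9 * i / steps
        # Clip each consequent at its rule strength, then aggregate with max.
        mu = max((min(w, tri(y, *RISK[t])) for t, w in strength.items()), default=0.0)
        num += y * mu
        den += mu
    return num / den if den else None
```

With these assumed triangles, risk_level(5, 4) returns None: the VOI terms Low [0, 4] and Medium [4, 7] only touch at 4, so no rule fires there, and a deployed model needs overlapping terms or shoulder-shaped end sets to cover such inputs.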


TEST CASE ANALYSIS AND EXPERIMENTATION

Test Case-1: IF ROI is Low AND VOI is Low THEN Risk Level is Very High

Test Case-2: IF ROI is Low AND VOI is Medium THEN Risk Level is Very High

RESULT ANALYSIS

Crisp values derived through three defuzzification methods

Input     | Risk Level (Output)
ROI | VOI | CoA  | BoA  | MoM
5   | 3   | 9.14 | 9.10 | 9.25
5   | 6   | 9.16 | 9.20 | 9.30
4   | 9   | 9.22 | 9.20 | 9.45
10  | 2   | 5.50 | 5.50 | 5.50
8   | 6   | 7.50 | 7.50 | 7.50
11  | 8   | 7.96 | 8.80 | 9.35
15  | 2   | 1.14 | 1.10 | 0.75
16  | 6   | 3.50 | 3.50 | 3.45
18  | 9   | 5.50 | 5.50 | 5.50

3D Plotting of Result of Defuzzification Method (panels: CoA, BoA, MoM)

Thanks!

Any questions?
