International Journal of Combinatorial Optimization Problems and Informatics, E-ISSN: 2007-1558, México.
Ruiz-Vanoye, Jorge A.; Díaz-Parra, Ocotlán; Nolazco-Flores, Juan Arturo; Canepa Saenz, Ana; Hernández, Víctor H.; Mendoza Gongora, Heriberto. Quality Function Deployment (QFD) House of Quality for Strategic Planning of Computer Security of SMEs. International Journal of Combinatorial Optimization Problems and Informatics, vol. 4, no. 1, January-April 2013, pp. 39-53. Morelos, México.

Available in: http://www.redalyc.org/articulo.oa?id=265225625005


© International Journal of Combinatorial Optimization Problems and Informatics, Vol. 4, No. 1, Jan-April 2013, pp. 39-53. ISSN: 2007-1558

Quality Function Deployment (QFD) House of Quality for Strategic Planning of Computer Security of SMEs

Jorge A. Ruiz-Vanoye¹, Ocotlán Díaz-Parra¹, Juan Arturo Nolazco-Flores², Ana Canepa Saenz¹, Víctor H. Hernández¹, Heriberto Mendoza Gongora¹

¹ Universidad Autónoma del Carmen, México.
² Tec de Monterrey Campus Monterrey, México.

Abstract: This article proposes to implement the Quality Function Deployment (QFD) House of Quality for strategic planning of computer security for Small and Medium Enterprises (SMEs). The House of Quality (HoQ) applied to computer security of SMEs is a framework to convert the security needs of corporate computing into a set of specifications to improve computer security.

Keywords: House of Quality, QFD, Computer Security, SMEs.

1. Introduction

Small and Medium Enterprises (SMEs), Small and Medium Businesses (SMBs) or Very Small Enterprises (VSEs) are companies with fewer than 10 employees (micro enterprises), fewer than 50 employees (small) or fewer than 250 employees (medium). In most economies, smaller enterprises are much greater in number [1].

The use of strategic planning in matters of computer security is an excellent mechanism for administering security in any SME. Ruiz-Vanoye et al. (2008) [2] are the first to propose applying strategic planning to computer security. The methods of strategic planning for computer science security are: the matrix of recommendations and threats (RT matrix), the matrix of mechanism and vulnerabilities (MV matrix), the matrix of vulnerabilities, recommendations, threats and mechanism (VRTM matrix), and the quantitative strategic planning matrix for computer science security (QSPM-CSS). Ruiz-Vanoye et al. (2012) [3] apply strategic planning to the computer science security of networks and systems in SMEs with the following characteristics: easy to understand, easy to apply, and economical in its adoption.

This paper proposes to implement the Quality Function Deployment (QFD) House of Quality for strategic planning of computer security for Small and Medium Enterprises (SMEs). The House of Quality (HoQ) applied to computer security of SMEs is a framework to convert the security needs of corporate computing into a set of specifications to improve computer security. The paper is organized as follows: it describes the House of Quality for Strategic Planning of Computer Security for SMEs, followed by the results, the discussion and the conclusions.

Received Jul 30, 2012 / Accepted Dec 6, 2012. Editorial Académica Dragón Azteca (EDITADA.ORG)

2. Related Works

Louis Cohen [4] proposed a four-phase Quality Function Deployment (QFD) model in a discussion of product development; these phases consist, respectively, of customer requirement planning (CRP), product characteristics deployment (PCD), process and quality control (PQC), and the operative instruction (OPI). The CRP phase of the QFD model uses a matrix, known as the House of Quality (HOQ), to show multiple relationships between customer requirements and technical specifications.

QFD is a widely used methodology for developing a design quality aimed at satisfying the customer and translating the customer's demand into design targets [5]. It is an effective tool that can aid in moving towards more proactive product development [5].

The idea of introducing quality at the design stage was developed for manufacturing processes by Taguchi to ensure what he called "robust quality" (Taguchi and Clausing 1990 [6]). This idea is also the foundation of the "house of quality" matrix of Hauser and Clausing (1988) [7].

QFD was developed in Japan by Shigeru Mizuno and Yoji Akao, first implemented at Mitsubishi in 1972, and later adopted in the US in 1983 [8]. Quality has been one of the competitive strategies in the global market. To ensure quality, companies have adopted Total Quality Management (TQM) as part of achieving their business goals and have used TQM methods (such as Quality Function Deployment, QFD) for the design of process control.


QFD has been applied to many industrial problems such as product design, strategic planning, renewal of a telecommunications wiring closet, and improved customer service. The basic concept of QFD is to translate the desires of consumers into product design or characteristics and parts. Each translation uses a matrix called the House of Quality (HoQ) to identify customer requirements and prioritize Design Requirements (DRs) to meet customer requirements.

The HOQ is displayed as a matrix showing the customer requirements in rows and the design requirements in columns, their relationships within the matrix, and the correlations or dependencies among the design requirements on top of the matrix. The HOQ also uses a weighting scale to indicate the strength of the relationship between customer requirements and design requirements. QFD was originally created by Mitsubishi in 1972 [8].

The House of Quality has been used to determine an optimal set of design requirements for the problem of improving indoor air quality [9]. It has been used mainly in manufacturing, for example for the manufacturing process of metal [10]. It has also been used to prioritize knowledge management of data storage solutions and data mining systems for Taiwan's international airport [11].

Charuenporn [12] proposes a new way of developing Quality of Service security metrics (QoS-SM) using QoS ontology mapping with two information system standards, COBIT and ITIL. As a result, new QoS-SM are developed by representing the metrics in the form of a class diagram, which facilitates their application in the organization.

Kim Dohoon [13] proposes an integrated framework of House of Quality (HoQ) and analytical hierarchy process (AHP) for the improvement of network-based ASP services. The proposed integrated framework successfully finds key functional elements, such as business customization and security/failure management, to reengineer the service delivery process, thereby helping service providers develop better ASP services to improve QoE effectively and efficiently.


This paper proposes to implement the Quality Function Deployment (QFD) House of Quality for strategic planning of computer security for Small and Medium Enterprises (SMEs).

3. House of Quality for Strategic Planning of Computer Security

The House of Quality applied to computer security of SMEs is a framework to convert the security needs of corporate computing into a set of specifications to improve computer security. The House of Quality for the strategic planning of computer security includes:
• Computer security requirements of the company. This is one of the inputs of the House of Quality and is defined through analysis, interviews, and assessment of risks and vulnerabilities in computer security, among others.
• The relationship matrix. This is the dimension where requirements correspond to or match the characteristics or specifications for improving computer security.
• Security characteristics. Product features or specifications to improve computer security, focused on how the security aspects of the enterprise should be implemented.
• Correlation matrix. At this stage each correlation is classified as strongly positive, positive, negative, strongly negative or none.
• Competitive benchmark. The result of the relationship matrix is compared with the security products available on the market, and is used to address the weaknesses identified in the comparison.
• Technical details. In this section, the relationship matrix is analyzed and measured against the company's computer security plan in terms of time, cost and difficulty.
• Technical benchmark. This is the assessment of the improvements to computer security and of the specifications or characteristics of computer security.
• Goals. Here the goals that must be met to improve the computer security of SMEs are determined.


Figure 1. Methodology of House of Quality applied to computer security.
[Figure: House of Quality layout with the panels Correlation matrix, Security Characteristics, Computer security requirements of the company, Relative Importance, Relationship matrix, Competitive benchmark, Technical Details, Technical Benchmark and Goals.]

The process for making the House of Quality for information security of an SME consists of the following steps:

1.- Make a list of 10 computer security needs of the company (CSR) from interviews and vulnerability analysis, and assign them to the rows of the section for the computer security needs of the company. Also determine the relative importance (RI) of each need, with values from 0 (unimportant) to 10 (very important).

Table 1. Needs of Computer Security.

| Row # | Relative Importance | Computer security requirements of the company |
|---|---|---|
| 1 | RI1 | CSR1 |
| 2 | RI2 | CSR2 |
| … | … | … |
| n | RIn | CSRn |


Figure 2. Computer Security Requirements of the Company.
[Figure: the House of Quality layout with the same panels as Figure 1.]

2.- Determine 15 security characteristics (SC) that focus on how the security aspects should be implemented in the company, and assign them to the columns of the security characteristics section.

Table 2. Security characteristics.

| Column # | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Security Characteristics | SC1 | SC2 | SC3 | SC4 | SC5 | SC6 | SC7 | SC8 | SC9 | SC10 | SC11 | SC12 | SC13 | SC14 | SC15 |


Figure 3. Security characteristics in the HoQ.
[Figure: the House of Quality layout with the same panels as Figure 1.]

3.- Develop the evaluation corresponding to the relationship matrix. Assign Θ to a strong relationship (9), Ο to a moderate relationship (3), or ▲ to a weak relationship (1) wherever a need corresponds to or matches a characteristic or specification to improve computer security.

Table 3. Matrix of relationship.
[Table: rows CSR1, CSR2, …, CSRn; columns SC1 to SC15; sample cells marked Θ, Ο or ▲, the rest empty.]


Figure 4. Matrix of relationship in the HoQ.
[Figure: the House of Quality layout with the same panels as Figure 1.]

4.- Assign 5 to 10 computer security products on the market to the competitive benchmark section. These products will serve to improve the weaknesses identified in the company. Rate each from 0 to 5, where 0 is the worst rating for a product that solves the weaknesses of the company and 5 is the best.


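Table 4. Competitive Benchmark.
[Table: one column per product, P1, P2, …, P10, holding ratings from 0 to 5; the sample ratings that survive extraction are 0, 2, 5, 1, 5, 0, 2, 1, 4, 5, 3, 2, without their cell positions.]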

Figure 5. Competitive Benchmark in HoQ.
[Figure: the House of Quality layout with the same panels as Figure 1.]


5.- Determine the time and computational cost of each solution, and the difficulty of implementing it under the company's computer security plan, and record them in the technical details section. Rate the difficulty from 0, for an implementation that is easy to perform, to 10, if it is extremely difficult.

Table 5. Technical Details.

| Time | Cost | Difficulty |
|---|---|---|
| T1 | C1 | D1 |
| T2 | C2 | D2 |
| T3 | | |
| … | … | … |
| T15 | C15 | D15 |

Figure 6. Technical Details in HoQ.
[Figure: the House of Quality layout with the same panels as Figure 1.]


6.- Calculate the importance of improving the information security and record it in the technical benchmark section, from 0 (unimportant) to 10 (very important).

Table 6. Technical Benchmark.
Importance: I1, I2, I3, …, I15

Figure 7. Technical Benchmark in HoQ.
[Figure: the House of Quality layout with the same panels as Figure 1.]

7.- Determine the goals to be fulfilled when improving the information security, and assign them to the goals section.

Table 7. Goals.
Goals: G1, G2, G3, …, G15


Figure 8. Goals in the HoQ.
[Figure: the House of Quality layout with the same panels as Figure 1.]

8.- Rate the correlation between the security characteristics and assign ┼┼ to a strongly positive correlation, ┼ to a positive correlation, ▬ to a negative correlation, ▼ if the objective is to minimize, ▲ if the objective is to maximize, and x if the goal is only the fulfillment of the activity.


Figure 9. Correlation Matrix.
[Figure: the House of Quality layout with the same panels as Figure 1.]
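
The arithmetic behind steps 1, 3 and 6, as an added Python example that is not part of the original paper: relative importances are normalised to percentage weights, each security characteristic is scored as the weighted sum of its 9/3/1 relationship values (the standard QFD calculation, assumed here because the paper prints no formula), and needs that no characteristic addresses are reported as planning gaps. The relationship matrix is constructed sample data; the relative importance values are the ten that appear in Figure 10, whose Weight values this normalisation reproduces (for example 10.0 gives 12.5).

```python
# Added example (not from the paper): House of Quality arithmetic.
# The 9/3/1 symbol values and the 0-10 scale come from the steps above;
# the weighted-sum score is the standard QFD formula, assumed here.
STRONG, MODERATE, WEAK, EMPTY = "Θ", "Ο", "▲", ""
SYMBOL_VALUE = {STRONG: 9, MODERATE: 3, WEAK: 1, EMPTY: 0}


def relative_weights(ri):
    """Step 1: turn relative importance (0-10) into percentage weights."""
    for value in ri:
        if not 0 <= value <= 10:
            raise ValueError(f"relative importance out of range: {value}")
    total = sum(ri)
    if total == 0:
        raise ValueError("at least one need must have non-zero importance")
    return [100.0 * value / total for value in ri]


def technical_importance(ri, relationship):
    """Steps 3 and 6: weighted column sums of the relationship matrix."""
    weights = relative_weights(ri)
    if len(relationship) != len(ri):
        raise ValueError("one matrix row is required per security need")
    width = len(relationship[0])
    scores = [0.0] * width
    for weight, row in zip(weights, relationship):
        if len(row) != width:
            raise ValueError("ragged relationship matrix")
        for col, symbol in enumerate(row):
            if symbol not in SYMBOL_VALUE:
                raise ValueError(f"unknown relationship symbol: {symbol!r}")
            scores[col] += weight * SYMBOL_VALUE[symbol]
    return scores


def coverage_gaps(relationship):
    """Needs no characteristic addresses, and characteristics serving no need."""
    uncovered_needs = [i for i, row in enumerate(relationship) if not any(row)]
    unused_chars = [j for j in range(len(relationship[0]))
                    if not any(row[j] for row in relationship)]
    return uncovered_needs, unused_chars


def rank(scores):
    """Column indices ordered from most to least important."""
    return sorted(range(len(scores)), key=lambda j: (-scores[j], j))


# Relative importance values that appear in Figure 10 (row order not recoverable).
RI = [10, 10, 10, 8, 9, 9, 6, 5, 6, 7]
S, M, W, E = STRONG, MODERATE, WEAK, EMPTY
# Constructed relationship matrix: 10 needs (rows) x 4 characteristics (columns).
MATRIX = [
    [S, E, E, E], [E, S, M, E],
    [E, E, E, E],  # a need with no related characteristic: a planning gap
    [M, S, E, E], [E, E, S, E], [E, W, S, E], [W, E, E, E],
    [E, E, M, E], [S, E, E, E], [E, M, E, E],
]

if __name__ == "__main__":
    scores = technical_importance(RI, MATRIX)
    for j in rank(scores):
        print(f"SC{j + 1}: {scores[j]:.2f}")
    print("uncovered needs, unused characteristics:", coverage_gaps(MATRIX))
```

Indices returned by `coverage_gaps` and `rank` are zero-based, so index 2 is the third need and index 3 is SC4.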


4. Experimentation

The general idea of this research is to determine whether it is possible to use the concepts of the House of Quality to determine the information security of small and medium enterprises. The experimentation followed the House of Quality methodology for Strategic Planning of Computer Security of SMEs. It was necessary to create a solution based on information technology applied to the House of Quality matrix for computer security of SMEs. The technological solution was applied to an SME in the state of Campeche.

Figure 10. House of Quality of the SME.
[Figure: completed House of Quality for the company. Only its labels and value lists survive extraction, not the cell positions.
Symbols: Θ strong relationship, Ο moderate relationship, ▲ weak relationship; ┼┼ positive correlation (strong), ┼ positive correlation, ▬ negative correlation, ▼ negative correlation (strong); direction of improvement: ▼ to minimize, ▲ to maximize, x fulfill the activity.
Needs of computer security of the company (rows 1 to 10, each with a weight and a relative importance): Physical Security; Log of incidents; Intrusion Detection System; Antivirus; Filters of spams; Update of Operating Systems; Log of access; Administrator of Computer Security; Disaster Recovery Plan; Intruders in the wireless.
Weight values: 12.5 (three times), 11.3 (twice), 10.0, 8.8, 7.5 (twice), 6.3. Relative importance values: 10.0 (three times), 9.0 (twice), 8.0, 7.0, 6.0 (twice), 5.0.
Characteristics of security (twelve columns): Capacitation of the administrator of Computer Science; Buy and install an antivirus; Create a form and a security policy to access the servers; Buy an intrusion detection system; Install an intrusion detection system; Configure the filter to the download of files attached to the e-mails; Copy from the server the updates to a local server; Create a form and an incident policy; Implement a device of the router between the Internet Service Provider and the main switch of the company; Disable the access of the USB device; Configure a password in the BIOS to the computers; Create the Recovery Plan.
Competitive benchmark (0 = worst, 5 = best): Company, CISCO, SYMANTEC, AVAYA, TELMEX, MICROSOFT.
Technical details (time, cost), in extraction order: 1 month, $5000; 20 hrs, $5000; 1 week, $0; 2 months, $2000; 1 week+, $5000; 2 weeks, $1000; 2 weeks, $0; 1 week, $0; 1 week, $0; 2 months, $15000; 1 week, $0; 1 week, $0.
Difficulty (0 = easy to accomplish, 10 = extremely difficult) and technical benchmark (importance), the same twelve values for both, in extraction order: 1, 5, 1, 10, 10, 3, 7, 7, 1, 10, 3, 3.
Goals: each characteristic is labelled Document, Software, Configuration or Capacitation.]

5. Conclusions

The strategic planning of computer security can be seen as a military strategy: if the security strategies are not effective, no product in the world will protect the company in matters of computer security. As future work, we plan to conduct research on Total Quality Management (TQM) or Quality Function Deployment (QFD) as applied to computer security for SMEs.


References

[1] DaeSoo, K., Ow, T.T., Minjoon, J.: SME strategies: an Assessment of High vs. Low Performers. Communications of ACM, Vol. 51, No. 11 (2008) 113-117.
[2] Ruiz-Vanoye, J.A., Díaz-Parra, O., Ponce-Medellín, I.R., Olivares-Rojas, J.C.: Strategic Planning for the Computer Science Security. WSEAS Trans. Comput., Vol. 5, No. 7 (2008) 387-396.
[3] Ruiz-Vanoye, J.A., Díaz-Parra, O., Zavala-Díaz, J.C.: Strategic Planning for Computer Science Security of Networks and Systems in SMEs. African Journal of Business Management, Vol. 6, No. 3 (2012) 762-769.
[4] Cohen, L.: Quality Function Deployment: How to Make QFD Work for You. Addison-Wesley Publishing Company, New York, 1995.
[5] Sullivan, L.P.: Quality Function Deployment. Quality Progress, Vol. 19, No. 6 (1986) 39-50.
[6] Taguchi, G., Clausing, D.: Robust quality. Harvard Business Review (1990) 65-75.
[7] Hauser, J., Clausing, D.: The house of quality. Harvard Business Review, Vol. 3 (1988) 63-73.
[8] Shigeru, M., Akao, Y.: Quality Function Deployment: A Company Wide Quality Approach (in Japanese). JUSE Press, 1978.
[9] Taeho, P., Kwang-Jae, K.: Determination of an optimal set of design requirements using house of quality. Journal of Operations Management, Vol. 16, No. 5 (1998) 569-581.
[10] Lowe, A., Ridgway, K., Atkinson, H.: QFD in new production technology evaluation. International Journal of Production Economics, Vol. 67, No. 2 (2000) 103-112.
[11] Gin-Shuh, L., Ji-Feng, D., Chun-Kai, W.: Applying fuzzy quality function deployment to prioritize solutions of knowledge management for an international port in Taiwan. Knowledge-Based Systems, Vol. 33 (2012) 83-91.
[12] Charuenporn, P., Intakosum, S.: Qos-Security Metrics Based on ITIL and COBIT Standard for Measurement Web Services. Journal of Universal Computer Science, Vol. 18, No. 6 (2012) 775-797.
[13] Dohoon, K.: An integrated framework of HoQ and AHP for the QOE improvement of network-based ASP services. Annals of Telecommunications, Vol. 65, No. 1-2 (2010) 19-29.
[14] Kogure, M., Akao, Y.: Quality Function Deployment and Company Wide Quality Control in Japan: a strategy for assuring that quality is built into products. Quality Progress (1983) 25-29.
