function deployment (qfd) house of · pdf filesecurity (qspm-css). ruiz-vanoye et al. (2012)...

International Journal of Combinatorial

Optimization Problems and Informatics

E-ISSN: 2007-1558

[email protected]

International Journal of Combinatorial

Optimization Problems and Informatics

México

Ruiz-Vanoye, Jorge A.; Díaz-Parra, Ocotlán; Nolazco-Flores, Juan Arturo; Canepa Saenz, Ana;

Hernández, Víctor H.; Mendoza Gongora, Heriberto

Quality Function Deployment (QFD) House of Quality for Strategic Planning of Computer Security of

SMEs

International Journal of Combinatorial Optimization Problems and Informatics, vol. 4, núm. 1, enero-

abril, 2013, pp. 39-53

International Journal of Combinatorial Optimization Problems and Informatics

Morelos, México

Available in: http://www.redalyc.org/articulo.oa?id=265225625005

How to cite

Complete issue

More information about this article

Journal's homepage in redalyc.org

Scientific Information System

Network of Scientific Journals from Latin America, the Caribbean, Spain and Portugal

Non-profit academic project, developed under the open access initiative

http://www.redalyc.org/revista.oa?id=2652

http://www.redalyc.org/articulo.oa?id=265225625005

http://www.redalyc.org/comocitar.oa?id=265225625005

http://www.redalyc.org/fasciculo.oa?id=2652&numero=25625

http://www.redalyc.org/articulo.oa?id=265225625005

http://www.redalyc.org/revista.oa?id=2652

http://www.redalyc.org

© International Journal of Combinatorial Optimization Problems and Informatics, Vol. 4, No. 1, Jan-April

2013, pp. 39-53. ISSN: 2007-1558

Received Jul 30, 2012 / Accepted Dec 6, 2012

Editorial Académica Dragón Azteca (EDITADA.ORG)

Quality Function Deployment (QFD) House of Quality for Strategic

Planning of Computer Security of SMEs

Jorge A. Ruiz-Vanoye1, Ocotlán Díaz-Parra

1, Juan Arturo Nolazco-Flores

2,

Ana Canepa Saenz1, Víctor H. Hernández

1, Heriberto Mendoza Gongora

1

1 Universidad Autónoma del Carmen, México.

2 Tec de Monterrey Campus Monterrey, México.

Abstract: This article proposes to implement the Quality Function Deployment (QFD)

House of Quality for strategic planning of computer security for Small and Medium

Enterprises (SME). The House of Quality (HoQ) applied to computer security of SME is a

framework to convert the security needs of corporate computing in a set of specifications to

improve computer security.

Keywords: House of Quality, QFD, Computer Security, SMEs.

1. Introduction

The Small and Medium Enterprises (SMEs), Small and Medium Businesses (SMBs)

or Very Small Enterprises (VSEs) are companies with fewer than 10 employees

(Micro enterprises), 50 employees (small) and those with fewer than 250 (medium). In

most economies, smaller enterprises are much greater in number [1].

The use of the strategic planning in questions of computer security is an excellent

mechanism to administer aspects of security in any SME. Ruiz-Vanoye et al. (2008) [2] are

the first to propose to apply the strategic planning for the computer security. The

methods of strategic planning for computer science security are: The matrix of

recommendations and threats (RT matrix), The matrix of mechanism and vulnerabilities

(MV matrix), The matrix of vulnerabilities, recommendations, threats and mechanism

(VRTM matrix), and the quantitative strategic planning matrix for computer science

security (QSPM-CSS). Ruiz-Vanoye et al. (2012) [3] apply the strategic planning for the

computer science security of network and systems in SMEs with the following

characteristics: easy to understand, easy to apply, and economical in its adoption.

This paper proposes to implement the Quality Function Deployment (QFD) House of

Quality for strategic planning of computer security for Small and Medium Enterprises

Ruiz-Vanoye et al. / Quality Function Deployment (QFD) House of Quality for Strategic Planning of

Computer Security of SMEs. IJCOPI Vol. 4, No. 1, Jan-April 2013, pp. 39-53. EDITADA. ISSN: 2007-1558.

40

(SME). The House of Quality (HoQ) applied to computer security of SME is a framework

to convert the security needs of corporate computing in a set of specifications to improve

computer security. The paper is organized as describing the House of Quality for Strategic

Planning of Computer Security to the SMEs, the results, discussion and the conclusions.

2. Related Works

Louis Cohen [4] proposed a four-phase Quality function deployment (QFD) model in a

discussion of product development; these phases respectively consist of customer

requirement planning (CRP), product characteristics deployment (PCD), process and

quality control (PQC), and the operative instruction (OPI). The CRP phase of the QFD

model consists of use of a matrix, known as the House of Quality (HOQ), which uses

matrices to show multiple relationships between customer requirements and technical

specifications.

Quality function deployment (QFD) is a widely-used methodology for developing a design

quality aimed at satisfying the customer and translating the customer’s demand into design

targets [5]. Quality function deployment (QFD) is an effective tool that can aid in moving

towards a more proactive product development [5].

The idea of introducing quality at the design stage was developed for manufacturing

processes by Taguchi to ensure what he called "robust quality" (Taguchi and Clausing

1990[6]). This idea is also the foundation of the "house of quality" matrix of Hauser and

Clausing (1988) [7].

Quality Function Deployment (QFD) was developed in Japan by Shigeru Mizuno and Yoji

Akao, first implemented in Mitsubishi in 1972, later adopted in US in 1983 [8]. Quality has

been one of the competitive strategies in the global market. To ensure quality companies

have adopted the Total Quality Management (TQM) as a part of success in business goals

and have used TQM methods (such as function development of Quality or Quality Function

Deployment-QFD) for the design of process control.



41

QFD was applied to many industrial problems such as product design, strategic planning,

renewal of a telecommunications wiring closet, and improved customer service. The basic

concept of QFD is to translate the desires of consumers in product design or characteristics

and parts. Each translation uses a matrix called House of Quality (HoQ) to identify

customer requirements and prioritize Design Requirements (DRs) to meet customer

requirements.

HOQ displayed in a matrix showing the customer requirements in rows and columns design

requirements; their relationships within the matrix, and their correlations or dependencies

of the design requirements on top of the matrix. HOQ also uses a weighting scale to

indicate the degree of strength between customer requirements and design requirements.

QFD was originally created by Mitsubishi in 1972 [8].

The House of Quality has been used for the determination of an optimal set of requirements

for the design of the problem of improving indoor air quality [9]. The House of Quality has

been used mainly in the production of related products manufacturing. For example for the

manufacturing process of metal [10]. To prioritize knowledge management of data storage

solutions and data mining systems for Taiwan's international airport [11].

Charuenporn [12] proposes a new way of developing Quality of Service QoS-SM using

Qos ontology mapping with two information system standards, COBIT and ITIL, as a result

of which new Qos-SM are developed, by represents the metrics in the form of a class

diagram, thus facilitating its application in the organization.

Kim Dohoon [13] proposes an integrated framework of House of Quality (HoQ) and

analytical hierarchy process (AHP) for the improvement of network-based ASP services.

The proposed integrated framework successfully finds key functional elements, such as

business customization and security/failure management, to reengineer the service delivery

process, thereby helping service providers develop better ASP services to improve QoE

effectively and efficiently.



42

This paper propose to implement the Quality Function Deployment (QFD) House of

Quality for strategic planning of computer security for Small and Medium Enterprises

(SME).

3. House of Quality for Strategic Planning of Computer Security

The House of Quality applied to computer security of SME is a framework to convert the

security needs of corporate computing in a set of specifications to improve computer

security. The House of Quality for the strategic planning of computer security includes:

Computer security requirements of the company. It is one of inputs of the House of

Quality and It is defined the analysis, interviews, assessing risks and vulnerabilities

in computer security, among others.

The relationship matrix. This is the dimension where requirements correspond or

match with characteristics or specifications the improvement of the computer

security.

Security Characteristics. Product features or specifications to improve computer

security focus on how to should implement the security aspects of the enterprise.

Correlation matrix. In this stage is classified as strongly positive, positive, negative,

strongly negative and none.

Competitive benchmark. The result of the relationship matrix is compared with the

security products available on the market. And is used to enhance weaknesses

identified in the comparison.

Technical Details. In this section, the matrix relationship begins to analyze and

measure with computer security plan of the company related with the times, costs

and difficulties.

Technical Benchmark. This is the assessment of the improvements to computer

security and the specifications or characteristics of the computer security.

Goals. Herein determining the goals that must be obtained to improve the computer

security of SMEs.



43

Correlation

matrix

Security

Characteristics

Relationship

matrix

Technical Details

Relative

Importance

Computer security

requirements of the

company

Competitive benchmark

Technical

Benchmark

Goals

Figure 1. Methodology of House of Quality applied to computer security.

The process for making the House of Quality for information security of SME consists of

the following steps:

1.-Make a list of 10 computer security needs of the company (CSR) from interviews and

vulnerability analysis. And the ranks assigned section for information security needs of the

company. It also determines the relative importance (RI) of each of the needs with values

between 0 (unimportant) to 10 (very important).

Table 1. Needs of Computer Security.

# R

ow

s

Rel

ati

ve

Imp

ort

an

ce Computer security requirements of

the company

1 RI1 CSR1

2 RI2 CSR2

… … …

n RIn CSRn



44

Correlation

matrix

Security

Characteristics

Relationship

matrix

Technical Details

Relative

Importance

Computer security

requirements of the

company


Technical

Benchmark

Goals

Figure 2. Computer Security Requeriments of the Company.

2.- Determine 15 security Characteristics (SC) that focus on how you should implement the

security aspects in the company. And assigns in the columns for the features section of the

computer security company.

Tabla 2. Security characteristics.

#

Column

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

Sec

uri

ty

Char

acte

rist

ics

SC

1

SC

2

SC

3

SC

4

SC

5

SC

6

SC

7

SC

8

SC

9

SC

10

SC

11

SC

12

SC

13

SC

14

SC

15



45

Correlation

matrix

Security

Characteristics

Relationship

matrix

Technical Details

Relative

Importance

Computer security

requirements of the

company


Technical

Benchmark

Goals

Figure 3. Security characteristics in the HoQ.

3.- Develops the evaluation corresponding to the matrix of relationship. Assigns Θ to the

strong relationship (9), Ο moderate relationship (3), or ? weak relationship (1) where the

needs corresponding or match the characteristics or specifications to improve computer

security.

Table 3. Matrix of relationship.

SC

1

SC

2

SC

3

SC

4

SC

5

SC

6

SC

7

SC

8

SC

9

SC

10

SC

11

SC

12

SC

13

SC

14

SC

15

CSR1 Θ Ο ? ? Θ

CSR2 ? Θ Ο ?

… ? Ο ?

CSRn Θ Ο ? Θ Ο



46

Correlation

matrix

Security

Characteristics

Relationship

matrix

Technical Details

Relative

Importance

Computer security

requirements of the

company


Technical

Benchmark

Goals

Figure 4. Matirx of relationship in the HoQ.

4.- Assigns 5-10 to computer security products on the market at competitive benchmark

section. Computer security products will serve to improve the weaknesses identified in the

company. Rate 0 to 5, where 0 is the worst rating of the product that solves the weaknesses

of the company and 5 the best.



47

Table 4. Competitive Benchmark.

P 1

P 2

…

P 1

0

0 2 5

1 5 0

2 1 4

5 3 2

Correlation

matrix

Security

Characteristics

Relationship

matrix

Technical Details

Relative

Importance

Computer security

requirements of the

company


Technical

Benchmark

Goals

Figure 5. Competitive Benchmark in HoQ.



48

5.- Determines the time and computational costs of each solution, and the difficulty

required to implement the business plan according to computer security company in the

technical details section. Assign between 0 to implementation that is easy to perform and

10 if it is extremely difficult.

Table 5. Technical Details.

Time T1 T2 T3 … T15

Cost C1 C2 C15

Difficulty D1 D2 D15

Correlation

matrix

Security

Characteristics

Relationship

matrix

Technical Details

Relative

Importance

Computer security

requirements of the

company


Technical

Benchmark

Goals

Figure 6. Technical Details in HoQ.



49

6.- Calculate the importance of improve the information security and allocate in the section

technical benchmark from 0 (unimportant) to 10 (very important).

Table 6. Technical Benchmark.

Importance I1 I2 I3 … I15

Correlation

matrix

Security

Characteristics

Relationship

matrix

Technical Details

Relative

Importance

Computer security

requirements of the

company


Technical

Benchmark

Goals

Figure 7. Technical Benchmark in HoQ.

7.- Determine the goals to be fulfilled at the time of improve the information security, and

assign to the goals section.

Table 7. Goals.

Goals G1 G2 G3 … G15



50

Correlation

matrix

Security

Characteristics

Relationship

matrix

Technical Details

Relative

Importance

Computer security

requirements of the

company


Technical

Benchmark

Goals

Figure 8. Goals in the HoQ.

8.- Rate the correlation between each of the security features and assign ┼┼ to the strongly

positive correlation, ┼ the positive correlation, ▬ the negative correlation, ▼ if the

objective is to minimize, ▲if the objective is to maximize, x if the goal is only the

fulfillment of the activity.



51

Correlation

matrix

Security

Characteristics

Relationship

matrix

Technical Details

Relative

Importance

Computer security

requirements of the

company


Technical

Benchmark

Goals

Figure 9. Correlation Matrix.



52

4. Experimentation

The general idea of this research is to determine if it is possible to use the concepts of

House of Quality to determine the information security of small and medium enterprises.

The experimentation was conducted by the methodology House of Quality for Strategic

Planning of Computer Security of SMEs. It was necessary to create a solution based on

information technology applied to matrix of House of Quality for computer security of

SMEs. The technological solution was applied to a SME of Campeche state.

CHARACTERISTICS

OF SECURITY

Needs of Computer

Security of the

Company(1) 0 1 2 3 4 5

12.5 10.0 5

8.8 7.0 5

12.5 10.0 5

10.0 8.0 5 4 3

11.3 9.0 5 4

11.3 9.0 5 3

7.5 6.0 5

6.3 5.0 5

12.5 10.0 3 5 4

7.5 6.0 5 3

1

Docum

ent

Capacita

tion

Docum

ent

10

Technical Benchmark (Importance)

Goals

1

2

3

4

5

6

7

8

9

Physical Security

Intrusion Detecion System

Antivirus

Filters of spams

Log of incidents

Weig

ht

Rela

tive Im

po

rtan

ce

Softw

are

Softw

are

Config

ura

tion

Softw

are

Docum

ent

Θ ▲

Softw

are

Difficulty

(0=Easy to Accomplish, 10=Extremely Diff icult)

Θ ▲

10 10

Θ

1

▲

1

1 m

onth

,$5000

Θ

▲

Technical Details (time, cost)

Θ

Log of access

Administrator of Computer Security

Intrusers in the w ireless

Θ

▲ ▲

Θ ▲

10 3 3

2 m

onth

s,$

15000

Θ

1 w

eek,$

0

1 w

eek,$

0

Config

ura

tion

Config

ura

tion

Config

ura

tion

▲ ▲ Θ

Ο

▲

7 15

15

Update of Operating Systems

10 3 3

Θ Ο

10

Ο

3 71 10

Imple

ment a d

evic

e o

f th

e r

oute

r betw

een

the Inte

rner

Serv

ice P

rovid

er

and the m

ain

sw

itch o

f th

e c

om

pany

Dis

able

the a

ccess o

f th

e u

sb d

evic

e

Config

ure

a p

assw

ord

in the B

IOS

to

the

Com

pute

rs

x▲Direction of Improvement:

Minimize (▼), Maximize (▲), or Target (x)

Cre

ate

the R

ecovery

Pla

n

11 12C

reate

a form

and a

incid

ent polic

y

▲ x

Disaster Recovery Plan

▲ x ▲ ▲

5 6 7 8

Capacita

tion o

f th

e a

dm

inis

trato

r of

Com

pute

r S

cie

nce

Cre

ate

a form

and a

security

polic

y to

access the s

erv

ers

Buy a

intr

usio

n d

ete

ctio

n s

yste

m

Insta

l a in

trusio

n d

ete

ctio

n s

yste

m

x ▲x ▲

┼ ┼

Θ

Buy a

nd in

sta

ll an a

ntiv

irus

Config

ure

the filt

er

to the d

ow

nlo

ad o

f fil

es

attached to the e

-mails

Copy fro

m the s

erv

er

the u

pdate

s to a

local

serv

er

Ο

┼┼

Column # 1 2 3 4 14 1510 139

┼┼ ┼ ┼┼

┼┼

┼┼

┼

┼ ┼ ┼

┼ ┼ ┼┼ ┼

┼ ┼

┼ ┼┼

┼

┼

3moderate relationship

Competitive Benchmark

(0=Worst, 5=Best)

▲ 1

┼┼

w eak relationship

positive correlation (strong)

▼

fulf ill the activity

to maximice

positive correlation┼

negative correlationa▬

negative correlation (strong)

▼ to minimize

Ο

Com

pany

CIS

CO

SY

MA

NT

EC

AV

AY

A

TE

LM

EX

MIC

RO

SO

TF

2 w

eeks,$

1000

1 w

eek,$

0

2 m

onth

s,$

2000

1 w

eek+,$

5000

3 7 7

2 w

eeks,$

0

x

1 w

eek,$

0

1 w

eek,$

0

▲

20 H

RS

,$5000

Symbols

Θ strong relationship 9

Company CISCO

SYMANTEC AVAYA

TELMEX MICROSOTF

Figure 10. House of Quality of the PYME.

5. Conclusions

The strategic planning of computer security can be seen as a military strategy, if the

security strategies are not effective neither product on the world will protect the company

from aspects of computer security. As future work plans to conduct a research of the Total

Quality Management (TQM) or Quality Function Depolyment (QFD) as applied to

computer security for SMEs.



53

References

[1] DaeSoo, K., Ow, T.T., Minjoon, J.: SME strategies: an Assessment of High vs. Low Performers.

Communications of ACM, Vol. 51, No. 11 (2008) 113-117.

[2] Ruiz-Vanoye, J.A., Díaz-Parra, O., Ponce-Medellín, I.R., Olivares-Rojas, J.C.: Strategic Planning for the

Computer Science Security. WSEAS Trans. Comput., Vol. 5, No. 7 (2008) 387-396.

[3] Ruiz-Vanoye, J.A., Díaz-Parra, O., Zavala-Díaz, J.C.: Strategic Planning for Computer Science Security

of Networks and Systems in SMEs. African Journal of Business Management, Vol.6, No. 3 (2012) 762-769.

[4] Cohen, L.: Quality Function Deployment: How to Make QFD Work for You Addison-Wesley Publishing

Company, New York, 1995.

[5] Sullivan, L.P: Quality Function Deployment. Quality Progress, Vol. 19, No. 6 (1986) 39-50.

[6] Taguchi, G., Clausing, D.: Robust quality. Harvard Business Review (1990) 65-75.

[7] Hauser, J., Clausing, D.: The house of quality. Harvard Business Review Vol. 3 (1988) 63-73.

[8] Shigeru, M., Akao, Y.: Quality Function Deployment: A company Wide Quality Approach (in Japanese),

JUSE Press, 1978.

[9] Taeho, P., Kwang-Jae, K.: Determination of an optimal set of design requirements using house of quality.

Journal of Operations Management, Vol. 16, No. 5 (1998) 569-581,

[10] Lowe, A., Ridgway, K., Atkinson, H.: QFD in new production technology evaluation. International

Journal of Production Economics, Vol. 67, No. 2 (2000) 103-112.

[11] Gin-Shuh, L., Ji-Feng, D., Chun-Kai, W.: Applying fuzzy quality function deployment to prioritize

solutions of knowledge management for an international port in Taiwan. Knowledge-Based Systems, Vol. 33

(2012) 83-91.

[12] Charuenporn, P., Intakosum, S.:Qos-Security Metrics Based on ITIL and COBIT Standard for

Measurement Web Services. Journal of universal computer science, Vol. 18, No. 6 (2012) 775-797.

[13] Dohoon, K.: An integrated framework of HoQ and AHP for the QOE improvement of network-based

ASP services. Annals of telecommunications, Vol. 65, No. 1-2 (2010) 19-29.

[14] Kogure, M., Akao, Y.: Quality Function Deployment and Company Wide Quality Control in Japan: a

strategy for assuring that quality is built into products. Quality Progress (1983) 25-29

function deployment (qfd) house of · pdf filesecurity (qspm-css). ruiz-vanoye et al. (2012)...

Documents