International Journal of Combinatorial
Optimization Problems and Informatics
E-ISSN: 2007-1558
México
Ruiz-Vanoye, Jorge A.; Díaz-Parra, Ocotlán; Nolazco-Flores, Juan Arturo; Canepa Saenz, Ana;
Hernández, Víctor H.; Mendoza Gongora, Heriberto
Quality Function Deployment (QFD) House of Quality for Strategic Planning of Computer Security of
SMEs
International Journal of Combinatorial Optimization Problems and Informatics, vol. 4, no. 1,
January-April, 2013, pp. 39-53
Morelos, México
Available in: http://www.redalyc.org/articulo.oa?id=265225625005
© International Journal of Combinatorial Optimization Problems and Informatics, Vol. 4, No. 1, Jan-April
2013, pp. 39-53. ISSN: 2007-1558
Received Jul 30, 2012 / Accepted Dec 6, 2012
Editorial Académica Dragón Azteca (EDITADA.ORG)
Quality Function Deployment (QFD) House of Quality for Strategic
Planning of Computer Security of SMEs
Jorge A. Ruiz-Vanoye¹, Ocotlán Díaz-Parra¹, Juan Arturo Nolazco-Flores²,
Ana Canepa Saenz¹, Víctor H. Hernández¹, Heriberto Mendoza Gongora¹
¹ Universidad Autónoma del Carmen, México.
² Tec de Monterrey Campus Monterrey, México.
Abstract: This article proposes to implement the Quality Function Deployment (QFD)
House of Quality for strategic planning of computer security for Small and Medium
Enterprises (SMEs). The House of Quality (HoQ) applied to the computer security of SMEs is a
framework for converting the security needs of corporate computing into a set of
specifications to improve computer security.
Keywords: House of Quality, QFD, Computer Security, SMEs.
1. Introduction
Small and Medium Enterprises (SMEs), Small and Medium Businesses (SMBs)
or Very Small Enterprises (VSEs) are companies with fewer than 10 employees
(micro enterprises), fewer than 50 employees (small) or fewer than 250 (medium). In
most economies, smaller enterprises are much greater in number [1].
The use of strategic planning in matters of computer security is an excellent
mechanism for administering security aspects in any SME. Ruiz-Vanoye et al. (2008) [2] were
the first to propose applying strategic planning to computer security. The
methods of strategic planning for computer science security are: the matrix of
recommendations and threats (RT matrix), the matrix of mechanism and vulnerabilities
(MV matrix), the matrix of vulnerabilities, recommendations, threats and mechanism
(VRTM matrix), and the quantitative strategic planning matrix for computer science
security (QSPM-CSS). Ruiz-Vanoye et al. (2012) [3] apply strategic planning to the
computer science security of networks and systems in SMEs with the following
characteristics: easy to understand, easy to apply, and economical in its adoption.
This paper proposes to implement the Quality Function Deployment (QFD) House of
Quality for strategic planning of computer security for Small and Medium Enterprises
(SMEs). The House of Quality (HoQ) applied to the computer security of SMEs is a framework
for converting the security needs of corporate computing into a set of specifications to
improve computer security. The rest of the paper describes the House of Quality for Strategic
Planning of Computer Security of SMEs, followed by the results, discussion and conclusions.
2. Related Works
Louis Cohen [4] proposed a four-phase Quality function deployment (QFD) model in a
discussion of product development; these phases respectively consist of customer
requirement planning (CRP), product characteristics deployment (PCD), process and
quality control (PQC), and the operative instruction (OPI). The CRP phase of the QFD
model consists of use of a matrix, known as the House of Quality (HOQ), which uses
matrices to show multiple relationships between customer requirements and technical
specifications.
Quality function deployment (QFD) is a widely-used methodology for developing a design
quality aimed at satisfying the customer and translating the customer’s demand into design
targets [5]. Quality function deployment (QFD) is an effective tool that can aid in moving
towards a more proactive product development [5].
The idea of introducing quality at the design stage was developed for manufacturing
processes by Taguchi to ensure what he called "robust quality" (Taguchi and Clausing
1990 [6]). This idea is also the foundation of the "house of quality" matrix of Hauser and
Clausing (1988) [7].
Quality Function Deployment (QFD) was developed in Japan by Shigeru Mizuno and Yoji
Akao, first implemented at Mitsubishi in 1972, and later adopted in the US in 1983 [8].
Quality has been one of the competitive strategies in the global market. To ensure quality,
companies have adopted Total Quality Management (TQM) as part of achieving their business
goals and have used TQM methods (such as Quality Function Deployment, QFD) for the design
of process control.
QFD was applied to many industrial problems such as product design, strategic planning,
renewal of a telecommunications wiring closet, and improved customer service. The basic
concept of QFD is to translate the desires of consumers into product design or
characteristics and parts. Each translation uses a matrix called House of Quality (HoQ) to
identify customer requirements and prioritize Design Requirements (DRs) to meet customer
requirements.
The HOQ is displayed as a matrix showing the customer requirements in rows and the design
requirements in columns, their relationships within the matrix, and the correlations or
dependencies of the design requirements on top of the matrix. HOQ also uses a weighting
scale to indicate the degree of strength between customer requirements and design
requirements. QFD was originally created by Mitsubishi in 1972 [8].
The House of Quality has been used for the determination of an optimal set of requirements
for the design of the problem of improving indoor air quality [9]. The House of Quality has
been used mainly in the manufacturing of related products, for example for the
manufacturing process of metal [10] and to prioritize knowledge management of data storage
solutions and data mining systems for Taiwan's international airport [11].
Charuenporn [12] proposes a new way of developing Quality of Service QoS-SM using
QoS ontology mapping with two information system standards, COBIT and ITIL, as a result
of which new QoS-SM are developed by representing the metrics in the form of a class
diagram, thus facilitating their application in the organization.
Kim Dohoon [13] proposes an integrated framework of House of Quality (HoQ) and
analytical hierarchy process (AHP) for the improvement of network-based ASP services.
The proposed integrated framework successfully finds key functional elements, such as
business customization and security/failure management, to reengineer the service delivery
process, thereby helping service providers develop better ASP services to improve QoE
effectively and efficiently.
This paper proposes to implement the Quality Function Deployment (QFD) House of
Quality for strategic planning of computer security for Small and Medium Enterprises
(SMEs).
3. House of Quality for Strategic Planning of Computer Security
The House of Quality applied to the computer security of SMEs is a framework for converting
the security needs of corporate computing into a set of specifications to improve computer
security. The House of Quality for the strategic planning of computer security includes:
Computer security requirements of the company. This is one of the inputs of the House of
Quality and is defined through analysis, interviews, and assessment of risks and
vulnerabilities in computer security, among others.
The relationship matrix. This is the dimension where requirements correspond to or
match the characteristics or specifications for the improvement of computer
security.
Security Characteristics. Product features or specifications to improve computer
security, focused on how the security aspects of the enterprise should be implemented.
Correlation matrix. In this stage the correlation between security characteristics is
classified as strongly positive, positive, negative, strongly negative or none.
Competitive benchmark. The result of the relationship matrix is compared with the
security products available on the market, and is used to address the weaknesses
identified in the comparison.
Technical Details. In this section, the relationship matrix is analyzed and
measured against the computer security plan of the company in terms of time, cost
and difficulty.
Technical Benchmark. This is the assessment of the improvements to computer
security and the specifications or characteristics of the computer security.
Goals. This section determines the goals that must be achieved to improve the computer
security of SMEs.
Figure 1. Methodology of House of Quality applied to computer security. Sections of the
diagram: Correlation matrix, Security Characteristics, Relationship matrix, Technical
Details, Relative Importance, Computer security requirements of the company, Competitive
benchmark, Technical Benchmark, Goals.
The process for making the House of Quality for the information security of an SME consists
of the following steps:
1.- Make a list of 10 computer security needs of the company (CSR) from interviews and
vulnerability analysis, and assign them to the rows of the section for the information
security needs of the company. Also determine the relative importance (RI) of each of the
needs, with values from 0 (unimportant) to 10 (very important).
Table 1. Needs of Computer Security.
# Row | Relative Importance | Computer security requirements of the company
1     | RI1                 | CSR1
2     | RI2                 | CSR2
…     | …                   | …
n     | RIn                 | CSRn
Figure 2. Computer Security Requirements of the Company.
2.- Determine 15 security characteristics (SC) that focus on how the security aspects
should be implemented in the company, and assign them to the columns of the section for
the security characteristics of the company.
Table 2. Security characteristics.
# Column                 | 1   | 2   | 3   | 4   | 5   | 6   | 7   | 8   | 9   | 10   | 11   | 12   | 13   | 14   | 15
Security Characteristics | SC1 | SC2 | SC3 | SC4 | SC5 | SC6 | SC7 | SC8 | SC9 | SC10 | SC11 | SC12 | SC13 | SC14 | SC15
Figure 3. Security characteristics in the HoQ.
3.- Develop the evaluation corresponding to the relationship matrix. Assign Θ to a
strong relationship (9), Ο to a moderate relationship (3), or ▲ to a weak relationship (1)
where the needs correspond to or match the characteristics or specifications to improve
computer security.
Table 3. Matrix of relationship.
Columns: SC1, SC2, SC3, SC4, SC5, SC6, SC7, SC8, SC9, SC10, SC11, SC12, SC13, SC14, SC15
CSR1: Θ Ο ▲ ▲ Θ
CSR2: ▲ Θ Ο ▲
…: ▲ Ο ▲
CSRn: Θ Ο ▲ Θ Ο
Figure 4. Matrix of relationship in the HoQ.
4.- Assign 5 to 10 computer security products on the market to the competitive benchmark
section. These products will serve to improve the weaknesses identified in the
company. Rate each from 0 to 5, where 0 is the worst rating for a product that solves the
weaknesses of the company and 5 is the best.
Table 4. Competitive Benchmark.
P1 P2 … P10
0 2 5
1 5 0
2 1 4
5 3 2
Figure 5. Competitive Benchmark in HoQ.
5.- Determine the time and computational costs of each solution, and the difficulty
of implementing it according to the computer security plan of the company, in the
technical details section. Assign a difficulty from 0, for an implementation that is easy
to perform, to 10 if it is extremely difficult.
Table 5. Technical Details.
Time T1 T2 T3 … T15
Cost C1 C2 C15
Difficulty D1 D2 D15
Figure 6. Technical Details in HoQ.
6.- Calculate the importance of each improvement to information security and record it in
the technical benchmark section, from 0 (unimportant) to 10 (very important).
Table 6. Technical Benchmark.
Importance I1 I2 I3 … I15
Figure 7. Technical Benchmark in HoQ.
7.- Determine the goals to be fulfilled when improving information security, and
assign them to the goals section.
Table 7. Goals.
Goals G1 G2 G3 … G15
Figure 8. Goals in the HoQ.
8.- Rate the correlation between each pair of security characteristics and assign ┼┼ to a
strongly positive correlation, ┼ to a positive correlation, and ▬ to a negative
correlation. Assign ▼ if the objective is to minimize, ▲ if the objective is to maximize,
and x if the goal is only the fulfillment of the activity.
Figure 9. Correlation Matrix.
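Added example, not part of the original paper: a small Python calculation of the steps above, turning relative importance (step 1) and the 9/3/1 relationship matrix (step 3) into a ranking of security characteristics, and flagging needs that no characteristic addresses strongly. The scoring rule (need weight times relationship strength, summed per column) is the standard QFD calculation and is an assumption here; the sample matrix is constructed, and normalising the ten raw importance scores printed in the Figure 10 case study reproduces the percentages printed beside them.

```python
# Added example: scoring a House of Quality for security controls.
# Strengths 9/3/1 are from step 3 of the paper; the scoring rule below
# (sum of need weight x relationship strength) is the standard QFD
# calculation and is an assumption, not a formula quoted from the paper.

STRENGTH = {"S": 9, "M": 3, "W": 1, "": 0}  # strong, moderate, weak, none


def relative_weights(ri):
    """Normalise 0-10 relative-importance scores to percentages."""
    total = sum(ri)
    if total <= 0:
        raise ValueError("at least one need must have non-zero importance")
    return [100.0 * r / total for r in ri]


def technical_importance(ri, matrix):
    """One weighted score per security characteristic (matrix column)."""
    if len(matrix) != len(ri) or len({len(row) for row in matrix}) != 1:
        raise ValueError("need one equally wide matrix row per requirement")
    weights = relative_weights(ri)
    return [sum(w * STRENGTH[row[c]] for w, row in zip(weights, matrix))
            for c in range(len(matrix[0]))]


def uncovered_needs(needs, matrix):
    """Requirements with no strong (9) relationship: a gap in the plan."""
    return [n for n, row in zip(needs, matrix) if "S" not in row]


def ranked(characteristics, scores):
    """Characteristics ordered from most to least important."""
    return sorted(zip(characteristics, scores), key=lambda p: p[1], reverse=True)


# Raw importance scores as printed in the Figure 10 case study.
PAPER_RI = [10, 7, 10, 8, 9, 9, 6, 5, 10, 6]

# Constructed sample: labels borrowed from Figure 10, scores and cells invented.
NEEDS = ["Antivirus", "Log of access", "Disaster Recovery Plan", "Physical Security"]
RI = [10, 4, 4, 2]
CHARACTERISTICS = ["Buy and install an antivirus",
                   "Security policy to access the servers",
                   "Create the Recovery Plan",
                   "Configure a password in the BIOS"]
MATRIX = [["S", "",  "W", ""],    # Antivirus
          ["",  "S", "",  ""],    # Log of access
          ["",  "M", "S", ""],    # Disaster Recovery Plan
          ["",  "M", "",  "M"]]   # Physical Security

if __name__ == "__main__":
    scores = technical_importance(RI, MATRIX)
    for name, score in ranked(CHARACTERISTICS, scores):
        print(f"{score:6.1f}  {name}")
    print("No strong coverage:", uncovered_needs(NEEDS, MATRIX))
    print("Figure 10 weights:", relative_weights(PAPER_RI))
```

A need that appears in the "no strong coverage" list has a row with only moderate or weak symbols, which is the case to revisit before fixing goals in step 7.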
4. Experimentation
The general idea of this research is to determine whether it is possible to use the
concepts of the House of Quality to determine the information security of small and medium
enterprises. The experimentation was conducted following the methodology of the House of
Quality for Strategic Planning of Computer Security of SMEs. It was necessary to create a
solution based on information technology applied to the House of Quality matrix for the
computer security of SMEs. The technological solution was applied to an SME in the state of
Campeche.
Figure 10. House of Quality of the PYME. Labels recoverable from the figure:
Needs of computer security of the company (rows): Physical Security; Intrusion Detection
System; Antivirus; Filters of spams; Log of incidents; Log of access; Administrator of
Computer Security; Intruders in the wireless; Update of Operating Systems; Disaster
Recovery Plan.
Weight and Relative Importance values per row, as printed: 12.5, 10.0; 8.8, 7.0; 12.5, 10.0;
10.0, 8.0; 11.3, 9.0; 11.3, 9.0; 7.5, 6.0; 6.3, 5.0; 12.5, 10.0; 7.5, 6.0.
Characteristics of security (columns): Implement a device of the router between the
Internet Service Provider and the main switch of the company; Disable the access of the usb
device; Configure a password in the BIOS to the computers; Create the Recovery Plan; Create
a form and an incident policy; Capacitation of the administrator of Computer Science;
Create a form and a security policy to access the servers; Buy an intrusion detection
system; Install an intrusion detection system; Buy and install an antivirus; Configure the
filter to the download of files attached to the e-mails; Copy from the server the updates
to a local server.
Other sections: Direction of Improvement: Minimize (▼), Maximize (▲), or Target (x);
Technical Details (time, cost); Difficulty (0=Easy to Accomplish, 10=Extremely Difficult);
Technical Benchmark (Importance); Goals (Software, Configuration, Document, Capacitation);
Competitive Benchmark (0=Worst, 5=Best): Company, CISCO, SYMANTEC, AVAYA, TELMEX, MICROSOFT.
Symbols: Θ strong relationship (9); Ο moderate relationship (3); ▲ weak relationship (1);
┼┼ positive correlation (strong); ┼ positive correlation; ▬ negative correlation; negative
correlation (strong); ▼ to minimize; ▲ to maximize; x fulfill the activity.
5. Conclusions
The strategic planning of computer security can be seen as a military strategy: if the
security strategies are not effective, no product in the world will protect the company
in matters of computer security. Future work plans to research Total
Quality Management (TQM) or Quality Function Deployment (QFD) as applied to
computer security for SMEs.
References
[1] DaeSoo, K., Ow, T.T., Minjoon, J.: SME strategies: an Assessment of High vs. Low Performers.
Communications of ACM, Vol. 51, No. 11 (2008) 113-117.
[2] Ruiz-Vanoye, J.A., Díaz-Parra, O., Ponce-Medellín, I.R., Olivares-Rojas, J.C.: Strategic Planning for the
Computer Science Security. WSEAS Trans. Comput., Vol. 5, No. 7 (2008) 387-396.
[3] Ruiz-Vanoye, J.A., Díaz-Parra, O., Zavala-Díaz, J.C.: Strategic Planning for Computer Science Security
of Networks and Systems in SMEs. African Journal of Business Management, Vol.6, No. 3 (2012) 762-769.
[4] Cohen, L.: Quality Function Deployment: How to Make QFD Work for You Addison-Wesley Publishing
Company, New York, 1995.
[5] Sullivan, L.P: Quality Function Deployment. Quality Progress, Vol. 19, No. 6 (1986) 39-50.
[6] Taguchi, G., Clausing, D.: Robust quality. Harvard Business Review (1990) 65-75.
[7] Hauser, J., Clausing, D.: The house of quality. Harvard Business Review Vol. 3 (1988) 63-73.
[8] Shigeru, M., Akao, Y.: Quality Function Deployment: A company Wide Quality Approach (in Japanese),
JUSE Press, 1978.
[9] Taeho, P., Kwang-Jae, K.: Determination of an optimal set of design requirements using house of quality.
Journal of Operations Management, Vol. 16, No. 5 (1998) 569-581.
[10] Lowe, A., Ridgway, K., Atkinson, H.: QFD in new production technology evaluation. International
Journal of Production Economics, Vol. 67, No. 2 (2000) 103-112.
[11] Gin-Shuh, L., Ji-Feng, D., Chun-Kai, W.: Applying fuzzy quality function deployment to prioritize
solutions of knowledge management for an international port in Taiwan. Knowledge-Based Systems, Vol. 33
(2012) 83-91.
[12] Charuenporn, P., Intakosum, S.: Qos-Security Metrics Based on ITIL and COBIT Standard for
Measurement Web Services. Journal of universal computer science, Vol. 18, No. 6 (2012) 775-797.
[13] Dohoon, K.: An integrated framework of HoQ and AHP for the QOE improvement of network-based
ASP services. Annals of telecommunications, Vol. 65, No. 1-2 (2010) 19-29.
[14] Kogure, M., Akao, Y.: Quality Function Deployment and Company Wide Quality Control in Japan: a
strategy for assuring that quality is built into products. Quality Progress (1983) 25-29.