85332536

International Journal of Combinatorial Optimization Problems and Informatics, Vol. 4, No. 1, Jan-April 2013, pp. 39-53.
ISSN: 2007-1558
Quality Function Deployment (QFD) House of Quality for Strategic Planning of Computer Security of SMEs
Jorge A. Ruiz-Vanoye1, Ocotln Daz-Parra1, Juan Arturo Nolazco-Flores 2, Ana Canepa Saenz1, Vctor H. Hernndez1, Heriberto Mendoza Gongora1
1 2
Universidad Autnoma del Carmen, Mxico. Tec de Monterrey Campus Monterrey, Mxico.
Abstract: This article proposes to implement the Quality Function Deployment (QFD) House of Quality for strategic planning of computer security for Small and Medium Enterprises (SME). The House of Quality (HoQ) applied to computer security of SME is a framework to convert the security needs of corporate computing in a set of specifications to improve computer security. Keywords: House of Quality, QFD, Computer Security, SMEs.
1. Introduction The Small and Medium Enterprises (SMEs), Small and Medium Businesses (SMBs) or Very Small Enterprises (VSEs) are companies with fewer than 10 employees (Micro enterprises), 50 employees (small) and those with fewer than 250 (medium). In most economies, smaller enterprises are much greater in number [1].
The use of the strategic planning in questions of computer security is an excellent mechanism to administer aspects of security in any SME. Ruiz-Vanoye et al. (2008) [2] are the first to propose to apply the strategic planning for the computer security. The methods of strategic planning for computer science security are: The matrix of recommendations and threats (RT matrix), The matrix of mechanism and vulnerabilities (MV matrix), The matrix of vulnerabilities, recommendations, threats and mechanism (VRTM matrix), and the quantitative strategic planning matrix for computer science security (QSPM-CSS). Ruiz-Vanoye et al. (2012) [3] apply the strategic planning for the computer science security of network and systems in SMEs with the following characteristics: easy to understand, easy to apply, and economical in its adoption. This paper proposes to implement the Quality Function Deployment (QFD) House of Quality for strategic planning of computer security for Small and Medium Enterprises
Received Jul 30, 2012 / Accepted Dec 6, 2012
Editorial Acadmica Dragn Azteca (EDITADA.ORG)
Ruiz-Vanoye et al. / Quality Function Deployment (QFD) House of Quality for Strategic Planning of Computer Security of SMEs. IJCOPI Vol. 4, No. 1, Jan-April 2013, pp. 39-53. EDITADA. ISSN: 2007-1558.
(SME). The House of Quality (HoQ) applied to computer security of SME is a framework to convert the security needs of corporate computing in a set of specifications to improve computer security. The paper is organized as describing the House of Quality for Strategic Planning of Computer Security to the SMEs, the results, discussion and the conclusions.
2. Related Works
Louis Cohen [4] proposed a four-phase Quality function deployment (QFD) model in a discussion of product development; these phases respectively consist of customer requirement planning (CRP), product characteristics deployment (PCD), process and quality control (PQC), and the operative instruction (OPI). The CRP phase of the QFD model consists of use of a matrix, known as the House of Quality (HOQ), which uses matrices to show multiple relationships between customer requirements and technical specifications.
Quality function deployment (QFD) is a widely-used methodology for developing a design quality aimed at satisfying the customer and translating the customers demand into design targets [5]. Quality function deployment (QFD) is an effective tool that can aid in moving towards a more proactive product development [5].
The idea of introducing quality at the design stage was developed for manufacturing processes by Taguchi to ensure what he called "robust quality" (Taguchi and Clausing 1990[6]). This idea is also the foundation of the "house of quality" matrix of Hauser and Clausing (1988) [7].
Quality Function Deployment (QFD) was developed in Japan by Shigeru Mizuno and Yoji Akao, first implemented in Mitsubishi in 1972, later adopted in US in 1983 [8]. Quality has been one of the competitive strategies in the global market. To ensure quality companies have adopted the Total Quality Management (TQM) as a part of success in business goals and have used TQM methods (such as function development of Quality or Quality Function Deployment-QFD) for the design of process control.
40
QFD was applied to many industrial problems such as product design, strategic planning, renewal of a telecommunications wiring closet, and improved customer service. The basic concept of QFD is to translate the desires of consumers in product design or characteristics and parts. Each translation uses a matrix called House of Quality (HoQ) to identify customer requirements and prioritize Design Requirements (DRs) to meet customer requirements.
HOQ displayed in a matrix showing the customer requirements in rows and columns design requirements; their relationships within the matrix, and their correlations or dependencies of the design requirements on top of the matrix. HOQ also uses a weighting scale to indicate the degree of strength between customer requirements and design requirements. QFD was originally created by Mitsubishi in 1972 [8].
The House of Quality has been used for the determination of an optimal set of requirements for the design of the problem of improving indoor air quality [9]. The House of Quality has been used mainly in the production of related products manufacturing. For example for the manufacturing process of metal [10]. To prioritize knowledge management of data storage solutions and data mining systems for Taiwan's international airport [11].
Charuenporn [12] proposes a new way of developing Quality of Service QoS-SM using Qos ontology mapping with two information system standards, COBIT and ITIL, as a result of which new Qos-SM are developed, by represents the metrics in the form of a class diagram, thus facilitating its application in the organization.
Kim Dohoon [13] proposes an integrated framework of House of Quality (HoQ) and analytical hierarchy process (AHP) for the improvement of network-based ASP services. The proposed integrated framework successfully finds key functional elements, such as business customization and security/failure management, to reengineer the service delivery process, thereby helping service providers develop better ASP services to improve QoE effectively and efficiently.
41
This paper propose to implement the Quality Function Deployment (QFD) House of Quality for strategic planning of computer security for Small and Medium Enterprises (SME).
3. House of Quality for Strategic Planning of Computer Security
The House of Quality applied to computer security of SME is a framework to convert the security needs of corporate computing in a set of specifications to improve computer security. The House of Quality for the strategic planning of computer security includes: Computer security requirements of the company. It is one of inputs of the House of Quality and It is defined the analysis, interviews, assessing risks and vulnerabilities in computer security, among others. The relationship matrix. This is the dimension where requirements correspond or match with characteristics or specifications the improvement of the computer security. Security Characteristics. Product features or specifications to improve computer security focus on how to should implement the security aspects of the enterprise. Correlation matrix. In this stage is classified as strongly positive, positive, negative, strongly negative and none. Competitive benchmark. The result of the relationship matrix is compared with the security products available on the market. And is used to enhance weaknesses identified in the comparison. Technical Details. In this section, the matrix relationship begins to analyze and measure with computer security plan of the company related with the times, costs and difficulties. Technical Benchmark. This is the assessment of the improvements to computer security and the specifications or characteristics of the computer security. Goals. Herein determining the goals that must be obtained to improve the computer security of SMEs.
42
Correlation matrix
Security Characteristics
Computer security requirements of the company
Relative Importance
Relationship matrix
Competitive benchmark
Technical Details Technical Benchmark Goals
Figure 1. Methodology of House of Quality applied to computer security.
The process for making the House of Quality for information security of SME consists of the following steps: 1.-Make a list of 10 computer security needs of the company (CSR) from interviews and vulnerability analysis. And the ranks assigned section for information security needs of the company. It also determines the relative importance (RI) of each of the needs with values between 0 (unimportant) to 10 (very important).
Table 1. Needs of Computer Security.
1 2 n
Relative Importance RI1 RI2 RIn
# Rows
CSR1 CSR2 CSRn
43
Correlation matrix
Relative Importance
Relationship matrix
Figure 2. Computer Security Requeriments of the Company.
2.- Determine 15 security Characteristics (SC) that focus on how you should implement the security aspects in the company. And assigns in the columns for the features section of the computer security company.
Tabla 2. Security characteristics.
# 1 Column Security Characteristics
10
11
12
13
14
15
SC10
SC11
SC12
SC13
SC14
44
SC15
SC1
SC2
SC3
SC4
SC5
SC6
SC7
SC8
SC9
Correlation matrix
Relative Importance
Relationship matrix
Figure 3. Security characteristics in the HoQ.
3.- Develops the evaluation corresponding to the matrix of relationship. Assigns to the strong relationship (9), moderate relationship (3), or ? weak relationship (1) where the needs corresponding or match the characteristics or specifications to improve computer security.
Table 3. Matrix of relationship.
SC10
SC11
SC12
SC13
SC14
CSR1 CSR2 CSRn ?
? ?
45
SC15
SC1
SC2
SC3
SC4
SC5
SC6
SC7
SC8
SC9
Correlation matrix
Relative Importance
Relationship matrix
Figure 4. Matirx of relationship in the HoQ.
4.- Assigns 5-10 to computer security products on the market at competitive benchmark section. Computer security products will serve to improve the weaknesses identified in the company. Rate 0 to 5, where 0 is the worst rating of the product that solves the weaknesses of the company and 5 the best.
46
Table 4. Competitive Benchmark.
0 1 2 5
2 5 1 3
Correlation matrix
Relative Importance
Relationship matrix
Figure 5. Competitive Benchmark in HoQ.
47
P 10 5 0 4 2
P1
P2
5.- Determines the time and computational costs of each solution, and the difficulty required to implement the business plan according to computer security company in the technical details section. Assign between 0 to implementation that is easy to perform and 10 if it is extremely difficult.
Table 5. Technical Details.
Time Cost Difficulty
T1 T2 T3 C1 C2 D1 D2
T15 C15 D15
Correlation matrix
Relative Importance
Relationship matrix
Figure 6. Technical Details in HoQ.
48
6.- Calculate the importance of improve the information security and allocate in the section technical benchmark from 0 (unimportant) to 10 (very important). Table 6. Technical Benchmark. Importance I1 I2 I3 I15
Correlation matrix
Relative Importance
Relationship matrix
Figure 7. Technical Benchmark in HoQ.
7.- Determine the goals to be fulfilled at the time of improve the information security, and assign to the goals section. Table 7. Goals. Goals G1 G2 G3 G15
49
Correlation matrix
Relative Importance
Relationship matrix
Figure 8. Goals in the HoQ.
8.- Rate the correlation between each of the security features and assign to the strongly positive correlation, the positive correlation, the negative correlation, if the objective is to minimize, if the objective is to maximize, x if the goal is only the fulfillment of the activity.
50
Correlation matrix
Relative Importance
Relationship matrix
Figure 9. Correlation Matrix.
51
4. Experimentation The general idea of this research is to determine if it is possible to use the concepts of House of Quality to determine the information security of small and medium enterprises. The experimentation was conducted by the methodology House of Quality for Strategic Planning of Computer Security of SMEs. It was necessary to create a solution based on information technology applied to matrix of House of Quality for computer security of SMEs. The technological solution was applied to a SME of Campeche state.
Sym bols
strong relationship moderate relationship w eak relationship positive correlation (strong) positive correlation negative correlationa negative correlation (strong) to minimize to maximice fulfill the activity
9 3 1
Colum n # Direction of Im provem ent: Minimize (), Maximize (), or Target (x) 1 2 3 4
x
Create a form and a security policy to access the servers
7 8 9 10 11
12 13 14 15 Com petitive Benchm ark (0=Worst, 5=Best)

Company CISCO
Configure the filter to the download of files attached to the e-mails
x
Copy from the server the updates to a local server
Implement a device of the router between the Interner Service Provider and the main switch of the company
x
Disable the access of the usb device
x
Configure a password in the BIOS to the Computers
Capacitation of the administrator of Computer Science
Create a form and a incident policy
Instal a intrusion detection system
Buy a intrusion detection system
CHARACTERISTICS OF SECURITY
Create the Recovery Plan
SYMANTEC
AVAYA
Buy and install an antivirus
Weight Relative Importance
TELMEX
MICROSOTF
Needs of Com puter Security of the Com pany(1) 10.0 Disaster Recovery Plan 7.0 Log of incidents
MICROSOTF
SYMANTEC
Company
TELMEX
AVAYA
CISCO
1 2 3 4 5 6 7 8 9 10
12.5 8.8 12.5 10.0 11.3 11.3 7.5 6.3 12.5 7.5

2 months,$2000 1 month,$5000 20 HRS,$5000 1 week+,$5000 2 weeks,$1000 2 weeks,$0 1 week,$0 1 week,$0

2 months,$15000 1 week,$0 1 week,$0 1 week,$0
5 5
10.0 Physical Security 8.0 9.0 9.0 6.0 5.0 Intrusion Detecion System Antivirus Filters of spams Update of Operating Systems Log of access
5 5 4 5 5 3 4 3 5 5 3 5 5 3 4
10.0 Administrator of Computer Security 6.0 Intrusers in the w ireless
Technical Details (tim e, cost)
Difficulty (0=Easy to Accomplish, 10=Extremely Difficult) Technical Benchm ark (Im portance)
1 1
Document
5 5
Capacitation
1 1
Document
10 10
Software
10 10
Software
3 3
Software
7 7
Configuration
7 7
Software
1 1
Document
10 10
Configuration
3 3
Configuration
3 3
Configuration
Goals
Figure 10. House of Quality of the PYME.
5. Conclusions The strategic planning of computer security can be seen as a military strategy, if the security strategies are not effective neither product on the world will protect the company from aspects of computer security. As future work plans to conduct a research of the Total Quality Management (TQM) or Quality Function Depolyment (QFD) as applied to computer security for SMEs.
52
References
[1] DaeSoo, K., Ow, T.T., Minjoon, J.: SME strategies: an Assessment of High vs. Low Performers. Communications of ACM, Vol. 51, No. 11 (2008) 113-117. [2] Ruiz-Vanoye, J.A., Daz-Parra, O., Ponce-Medelln, I.R., Olivares-Rojas, J.C.: Strategic Planning for the Computer Science Security. WSEAS Trans. Comput., Vol. 5, No. 7 (2008) 387-396. [3] Ruiz-Vanoye, J.A., Daz-Parra, O., Zavala-Daz, J.C.: Strategic Planning for Computer Science Security of Networks and Systems in SMEs. African Journal of Business Management, Vol.6, No. 3 (2012) 762-769. [4] Cohen, L.: Quality Function Deployment: How to Make QFD Work for You Addison-Wesley Publishing Company, New York, 1995. [5] Sullivan, L.P: Quality Function Deployment. Quality Progress, Vol. 19, No. 6 (1986) 39-50. [6] Taguchi, G., Clausing, D.: Robust quality. Harvard Business Review (1990) 65-75. [7] Hauser, J., Clausing, D.: The house of quality. Harvard Business Review Vol. 3 (1988) 63-73. [8] Shigeru, M., Akao, Y.: Quality Function Deployment: A company Wide Quality Approach (in Japanese), JUSE Press, 1978. [9] Taeho, P., Kwang-Jae, K.: Determination of an optimal set of design requirements using house of quality. Journal of Operations Management, Vol. 16, No. 5 (1998) 569-581, [10] Lowe, A., Ridgway, K., Atkinson, H.: QFD in new production technology evaluation. International Journal of Production Economics, Vol. 67, No. 2 (2000) 103-112. [11] Gin-Shuh, L., Ji-Feng, D., Chun-Kai, W.: Applying fuzzy quality function deployment to prioritize solutions of knowledge management for an international port in Taiwan. Knowledge-Based Systems, Vol. 33 (2012) 83-91. [12] Charuenporn, P., Intakosum, S.:Qos-Security Metrics Based on ITIL and COBIT Standard for Measurement Web Services. Journal of universal computer science, Vol. 18, No. 6 (2012) 775-797. [13] Dohoon, K.: An integrated framework of HoQ and AHP for the QOE improvement of network-based ASP services. Annals of telecommunications, Vol. 65, No. 1-2 (2010) 19-29. [14] Kogure, M., Akao, Y.: Quality Function Deployment and Company Wide Quality Control in Japan: a strategy for assuring that quality is built into products. Quality Progress (1983) 25-29
53
Copyright of International Journal of Combinatorial Optimization Problems & Informatics is the property of International Journal of Combinatorial Optimization Problems & Informatics and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.

85332536

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

85332536

Uploaded by

Copyright:

Available Formats

International Journal of Combinatorial Optimization Problems and Informatics, Vol. 4, No. 1, Jan-April 2013, pp. 39-53.

3. House of Quality for Strategic Planning of Computer Security

Computer security requirements of the company

Technical Details Technical Benchmark Goals

Figure 1. Methodology of House of Quality applied to computer security.

Relative Importance RI1 RI2 RIn

Computer security requirements of the company

CSR1 CSR2 CSRn

Computer security requirements of the company

Technical Details Technical Benchmark Goals

Figure 2. Computer Security Requeriments of the Company.

# 1 Column Security Characteristics

Computer security requirements of the company

Technical Details Technical Benchmark Goals

Figure 3. Security characteristics in the HoQ.

CSR1 CSR2 CSRn ?

Computer security requirements of the company

Technical Details Technical Benchmark Goals

Figure 4. Matirx of relationship in the HoQ.

Table 4. Competitive Benchmark.

Computer security requirements of the company

Technical Details Technical Benchmark Goals

Figure 5. Competitive Benchmark in HoQ.

Time Cost Difficulty

T15 C15 D15

Computer security requirements of the company

Technical Details Technical Benchmark Goals

Figure 6. Technical Details in HoQ.

Computer security requirements of the company

Technical Details Technical Benchmark Goals

Figure 7. Technical Benchmark in HoQ.

Computer security requirements of the company

Technical Details Technical Benchmark Goals

Figure 8. Goals in the HoQ.

Computer security requirements of the company

Technical Details Technical Benchmark Goals

Figure 9. Correlation Matrix.

12 13 14 15 Com petitive Benchm ark (0=Worst, 5=Best)

Configure the filter to the download of files attached to the e-mails

Capacitation of the administrator of Computer Science

Create a form and a incident policy

Instal a intrusion detection system

Buy a intrusion detection system

Buy and install an antivirus

Weight Relative Importance

10.0 Administrator of Computer Security 6.0 Intrusers in the w ireless

Technical Details (tim e, cost)

Figure 10. House of Quality of the PYME.

You might also like