International Journal of Combinatorial Optimization Problems and Informatics. E-ISSN:

Transcription

1 International Journal of Combinatorial Optimization Problems and Informatics E-ISSN: International Journal of Combinatorial Optimization Problems and Informatics México Ruiz-Vanoye, Jorge A.; Díaz-Parra, Ocotlán; Nolazco-Flores, Juan Arturo; Canepa Saenz, Ana; Hernández, Víctor H.; Mendoza Gongora, Heriberto Quality Function Deployment (QFD) House of Quality for Strategic Planning of Computer of SMEs International Journal of Combinatorial Optimization Problems and Informatics, vol. 4, núm. 1, eneroabril, 2013, pp International Journal of Combinatorial Optimization Problems and Informatics Morelos, México Available in: How to cite Complete issue More information about this article Journal's homepage in redalyc.org Scientific Information System Network of Scientific Journals from Latin America, the Caribbean, Spain and Portugal Non-profit academic project, developed under the open access initiative

2 International Journal of Combinatorial Optimization Problems and Informatics, Vol. 4, No. 1, Jan-April 2013, pp ISSN: Quality Function Deployment (QFD) House of Quality for Strategic Planning of Computer of SMEs Jorge A. Ruiz-Vanoye 1, Ocotlán Díaz-Parra 1, Juan Arturo Nolazco-Flores 2, Ana Canepa Saenz 1, Víctor H. Hernández 1, Heriberto Mendoza Gongora 1 1 Universidad Autónoma del Carmen, México. 2 Tec de Monterrey Campus Monterrey, México. Abstract: This article proposes to implement the Quality Function Deployment (QFD) House of Quality for strategic planning of computer security for Small and Medium Enterprises (SME). The House of Quality (HoQ) applied to computer security of SME is a framework to convert the security needs of corporate computing in a set of specifications to improve computer security. Keywords: House of Quality, QFD, Computer, SMEs. 1. Introduction The Small and Medium Enterprises (SMEs), Small and Medium Businesses (SMBs) or Very Small Enterprises (VSEs) are companies with fewer than 10 employees (Micro enterprises), 50 employees (small) and those with fewer than 250 (medium). In most economies, smaller enterprises are much greater in number [1]. The use of the strategic planning in questions of computer security is an excellent mechanism to administer aspects of security in any SME. Ruiz-Vanoye et al. (2008) [2] are the first to propose to apply the strategic planning for the computer security. The methods of strategic planning for computer science security are: The of recommendations and threats (RT ), The of mechanism and vulnerabilities (MV ), The of vulnerabilities, recommendations, threats and mechanism (VRTM ), and the quantitative strategic planning for computer science security (QSPM-CSS). Ruiz-Vanoye et al. (2012) [3] apply the strategic planning for the computer science security of network and systems in SMEs with the following characteristics: easy to understand, easy to apply, and economical in its adoption. This paper proposes to implement the Quality Function Deployment (QFD) House of Quality for strategic planning of computer security for Small and Medium Enterprises Received Jul 30, 2012 / Accepted Dec 6, 2012 Editorial Académica Dragón Azteca (EDITADA.ORG)

3 (SME). The House of Quality (HoQ) applied to computer security of SME is a framework to convert the security needs of corporate computing in a set of specifications to improve computer security. The paper is organized as describing the House of Quality for Strategic Planning of Computer to the SMEs, the results, discussion and the conclusions. 2. Related Works Louis Cohen [4] proposed a four-phase Quality function deployment (QFD) model in a discussion of product development; these phases respectively consist of customer requirement planning (CRP), product characteristics deployment (PCD), process and quality control (PQC), and the operative instruction (OPI). The CRP phase of the QFD model consists of use of a, known as the House of Quality (HOQ), which uses matrices to show multiple relationships between customer requirements and technical specifications. Quality function deployment (QFD) is a widely-used methodology for developing a design quality aimed at satisfying the customer and translating the customer s demand into design targets [5]. Quality function deployment (QFD) is an effective tool that can aid in moving towards a more proactive product development [5]. The idea of introducing quality at the design stage was developed for manufacturing processes by Taguchi to ensure what he called "robust quality" (Taguchi and Clausing 1990[6]). This idea is also the foundation of the "house of quality" of Hauser and Clausing (1988) [7]. Quality Function Deployment (QFD) was developed in Japan by Shigeru Mizuno and Yoji Akao, first implemented in Mitsubishi in 1972, later adopted in US in 1983 [8]. Quality has been one of the competitive strategies in the global market. To ensure quality companies have adopted the Total Quality Management (TQM) as a part of success in business goals and have used TQM methods (such as function development of Quality or Quality Function Deployment-QFD) for the design of process control. 40

4 QFD was applied to many industrial problems such as product design, strategic planning, renewal of a telecommunications wiring closet, and improved customer service. The basic concept of QFD is to translate the desires of consumers in product design or characteristics and parts. Each translation uses a called House of Quality (HoQ) to identify customer requirements and prioritize Design Requirements (DRs) to meet customer requirements. HOQ displayed in a showing the customer requirements in rows and columns design requirements; their relationships within the, and their correlations or dependencies of the design requirements on top of the. HOQ also uses a weighting scale to indicate the degree of strength between customer requirements and design requirements. QFD was originally created by Mitsubishi in 1972 [8]. The House of Quality has been used for the determination of an optimal set of requirements for the design of the problem of improving indoor air quality [9]. The House of Quality has been used mainly in the production of related products manufacturing. For example for the manufacturing process of metal [10]. To prioritize knowledge management of data storage solutions and data mining systems for Taiwan's international airport [11]. Charuenporn [12] proposes a new way of developing Quality of Service QoS-SM using Qos ontology mapping with two information system standards, COBIT and ITIL, as a result of which new Qos-SM are developed, by represents the metrics in the form of a class diagram, thus facilitating its application in the organization. Kim Dohoon [13] proposes an integrated framework of House of Quality (HoQ) and analytical hierarchy process (AHP) for the improvement of network-based ASP services. The proposed integrated framework successfully finds key functional elements, such as business customization and security/failure management, to reengineer the service delivery process, thereby helping service providers develop better ASP services to improve QoE effectively and efficiently. 41

5 This paper propose to implement the Quality Function Deployment (QFD) House of Quality for strategic planning of computer security for Small and Medium Enterprises (SME). 3. House of Quality for Strategic Planning of Computer The House of Quality applied to computer security of SME is a framework to convert the security needs of corporate computing in a set of specifications to improve computer security. The House of Quality for the strategic planning of computer security includes:. It is one of inputs of the House of Quality and It is defined the analysis, interviews, assessing risks and vulnerabilities in computer security, among others. The relationship. This is the dimension where requirements correspond or match with characteristics or specifications the improvement of the computer security.. Product features or specifications to improve computer security focus on how to should implement the security aspects of the enterprise.. In this stage is classified as strongly positive, positive, negative, strongly negative and none.. The result of the relationship is compared with the security products available on the market. And is used to enhance weaknesses identified in the comparison.. In this section, the relationship begins to analyze and measure with computer security plan of the related with the times, costs and difficulties.. This is the assessment of the improvements to computer security and the specifications or characteristics of the computer security.. Herein determining the goals that must be obtained to improve the computer security of SMEs. 42

6 # Rows Ruiz-Vanoye et al. / Quality Function Deployment (QFD) House of Quality for Strategic Planning of Figure 1. Methodology of House of Quality applied to computer security. The process for making the House of Quality for information security of SME consists of the following steps: 1.-Make a list of 10 computer security needs of the (CSR) from interviews and vulnerability analysis. And the ranks assigned section for information security needs of the. It also determines the relative importance (RI) of each of the needs with values between 0 (unimportant) to 10 (very important). Table 1. Needs of Computer. requirements of the 1 RI1 CSR1 2 RI2 CSR2 n RIn CSRn 43

7 SC1 SC2 SC3 SC4 SC5 SC6 SC7 SC8 SC9 SC10 SC11 SC12 SC13 SC14 SC15 Ruiz-Vanoye et al. / Quality Function Deployment (QFD) House of Quality for Strategic Planning of Figure 2. Computer Requeriments of the Company. 2.- Determine 15 security (SC) that focus on how you should implement the security aspects in the. And assigns in the columns for the features section of the computer security. Tabla 2. characteristics. # Column

8 SC1 SC2 SC3 SC4 SC5 SC6 SC7 SC8 SC9 SC10 SC11 SC12 SC13 SC14 SC15 Ruiz-Vanoye et al. / Quality Function Deployment (QFD) House of Quality for Strategic Planning of Figure 3. characteristics in the HoQ. 3.- Develops the evaluation corresponding to the of relationship. Assigns to the strong relationship (9), Ο moderate relationship (3), or? weak relationship (1) where the needs corresponding or match the characteristics or specifications to improve computer security. Table 3. Matrix of relationship. CSR1 Ο?? CSR2? Ο?? Ο? CSRn Ο? Ο 45

9 Figure 4. Matirx of relationship in the HoQ. 4.- Assigns 5-10 to computer security products on the market at competitive benchmark section. products will serve to improve the weaknesses identified in the. Rate 0 to 5, where 0 is the worst rating of the product that solves the weaknesses of the and 5 the best. 46

10 P 1 P 2 P 10 Ruiz-Vanoye et al. / Quality Function Deployment (QFD) House of Quality for Strategic Planning of Table 4. Competitive Figure 5. Competitive in HoQ. 47

11 5.- Determines the time and computational costs of each solution, and the difficulty required to implement the business plan according to computer security in the technical details section. Assign between 0 to implementation that is easy to perform and 10 if it is extremely difficult. Table 5.. Time T1 T2 T3 T15 Cost C1 C2 C15 Difficulty D1 D2 D15 Figure 6. in HoQ. 48

12 6.- Calculate the importance of improve the information security and allocate in the section technical benchmark from 0 (unimportant) to 10 (very important). Table 6.. I1 I2 I3 I15 Figure 7. in HoQ. 7.- Determine the goals to be fulfilled at the time of improve the information security, and assign to the goals section. Table 7.. G1 G2 G3 G15 49

13 Figure 8. in the HoQ. 8.- Rate the correlation between each of the security features and assign to the strongly positive correlation, the positive correlation, the negative correlation, if the objective is to minimize, if the objective is to maximize, x if the goal is only the fulfillment of the activity. 50

14 Figure 9. Matrix. 51

15 Document Capacitation Document Software Software Software Configuration Software Document Configuration Configuration Configuration 1 month,$ HRS,$ week,$0 2 months,$ week+,$ weeks,$ weeks,$0 1 week,$0 1 week,$0 2 months,$ week,$0 1 week,$0 Weight Create the Recovery Plan Capacitation of the administrator of Computer Science Create a form and a security policy to access the servers Buy a intrusion detection system Instal a intrusion detection system Buy and install an antivirus Configure the filter to the download of files attached to the s Copy from the server the updates to a local server Create a form and a incident policy Implement a device of the router between the Interner Service Provider and the main switch of the Disable the access of the usb device Configure a password in the BIOS to the Computers Company CISCO SYMANTEC AVAYA TELMEX MICROSOTF Ruiz-Vanoye et al. / Quality Function Deployment (QFD) House of Quality for Strategic Planning of 4. Experimentation The general idea of this research is to determine if it is possible to use the concepts of House of Quality to determine the information security of small and medium enterprises. The experimentation was conducted by the methodology House of Quality for Strategic Planning of Computer of SMEs. It was necessary to create a solution based on information technology applied to of House of Quality for computer security of SMEs. The technological solution was applied to a SME of Campeche state. Symbols strong relationship 9 Ο moderate relationship 3 w eak relationship 1 x positive correlation (strong) positive correlation negative correlationa negative correlation (strong) to minimize to maximice fulfill the activity Direction of Improvement: Minimize ( ), Maximize (), or Target (x) Column # x x x x x Competitive (0=Worst, 5=Best) Company CISCO CHARACTERISTICS OF SECURITY SYMANTEC AVAYA TELMEX MICROSOTF Needs of Computer of the Company(1) Disaster Recovery Plan Log of incidents Physical Intrusion Detecion System Antivirus Filters of spams Update of Operating Systems Log of access Administrator of Computer Intrusers in the w ireless 5 3 Ο Ο Ο Ο (time, cost) Difficulty (0=Easy to Accomplish, 10=Extremely Difficult) () Figure 10. House of Quality of the PYME. 5. Conclusions The strategic planning of computer security can be seen as a military strategy, if the security strategies are not effective neither product on the world will protect the from aspects of computer security. As future work plans to conduct a research of the Total Quality Management (TQM) or Quality Function Depolyment (QFD) as applied to computer security for SMEs. 52

16 References [1] DaeSoo, K., Ow, T.T., Minjoon, J.: SME strategies: an Assessment of High vs. Low Performers. Communications of ACM, Vol. 51, No. 11 (2008) [2] Ruiz-Vanoye, J.A., Díaz-Parra, O., Ponce-Medellín, I.R., Olivares-Rojas, J.C.: Strategic Planning for the Computer Science. WSEAS Trans. Comput., Vol. 5, No. 7 (2008) [3] Ruiz-Vanoye, J.A., Díaz-Parra, O., Zavala-Díaz, J.C.: Strategic Planning for Computer Science of Networks and Systems in SMEs. African Journal of Business Management, Vol.6, No. 3 (2012) [4] Cohen, L.: Quality Function Deployment: How to Make QFD Work for You Addison-Wesley Publishing Company, New York, [5] Sullivan, L.P: Quality Function Deployment. Quality Progress, Vol. 19, No. 6 (1986) [6] Taguchi, G., Clausing, D.: Robust quality. Harvard Business Review (1990) [7] Hauser, J., Clausing, D.: The house of quality. Harvard Business Review Vol. 3 (1988) [8] Shigeru, M., Akao, Y.: Quality Function Deployment: A Wide Quality Approach (in Japanese), JUSE Press, [9] Taeho, P., Kwang-Jae, K.: Determination of an optimal set of design requirements using house of quality. Journal of Operations Management, Vol. 16, No. 5 (1998) , [10] Lowe, A., Ridgway, K., Atkinson, H.: QFD in new production technology evaluation. International Journal of Production Economics, Vol. 67, No. 2 (2000) [11] Gin-Shuh, L., Ji-Feng, D., Chun-Kai, W.: Applying fuzzy quality function deployment to prioritize solutions of knowledge management for an international port in Taiwan. Knowledge-Based Systems, Vol. 33 (2012) [12] Charuenporn, P., Intakosum, S.:Qos- Metrics Based on ITIL and COBIT Standard for Measurement Web Services. Journal of universal computer science, Vol. 18, No. 6 (2012) [13] Dohoon, K.: An integrated framework of HoQ and AHP for the QOE improvement of network-based ASP services. Annals of telecommunications, Vol. 65, No. 1-2 (2010) [14] Kogure, M., Akao, Y.: Quality Function Deployment and Company Wide Quality Control in Japan: a strategy for assuring that quality is built into products. Quality Progress (1983)