Application of quality function deployment to the management of information physical security

Abstract

Information physical security (IPS) refers to the prevention from intended attacks against all material devices and to the protection against deliberate attacks by supporting and managing related data/information. Information in today's world represents an important asset to be protected and for this reason it is necessary to adopt a suitable method for risk and security management. The Quality Function Deployment (QFD) method was originally developed as a tool capable of ensuring a valuable help in the design of products and services, guaranteeing customer satisfaction and value creation. The core of the method is the set of matrices called the ‘House of Quality’ (HoQ), which relates the Customer Requirements (CRs) with Engineering Characteristics (ECs): in other words, the HoQ is a way of translating customer requirements into design parameters. Numerous studies have demonstrated its use in a wide range of sectors. In particular, its application in the security engineering context has been investigated by means of the House of Security (HoS). Its objective is represented by the classification of the components of a security system in response to different scenarios of voluntary attacks. Based on this, the aim of the study consists in extending such an approach to information physical security. More in detail, the purpose of this paper is the development of a systematic model, based on the HoS and applicable to information physical security, that allows the definition and raking of the vital components of an information physical security system (IPSS). In this way, it is possible to perform a proper cost/benefit analysis, considering a general physical layout of a certain organization so that the results can be wide-ranging and applicable in different contexts.