Lesson 3H – Quality Costs

This lesson introduces the concept of quality costs, which can be used to understand how resources are allocated, prioritize activities, budget activities, and determine whether improvements have yielded a financial benefit.

Learning Objectives
  • Define “cost of quality”
  • Describe how quality costs can be used to assess and improve organizations
  • Explain how quality costs are calculated
  • Identify common tasks in cybersecurity that fall into each of the quality cost categories: prevention, appraisal, internal failure, and external failure
Lesson 3H – Quality Costs Lesson Plan
Laboratory Exercise 3H – Quality Costs Handout

* NICE Cybersecurity Workforce Framework KSAs Addressed
  • K0004: Knowledge of cybersecurity principles.
  • K0036: Knowledge of human-computer interaction principles.
  • K0084: Knowledge of structured analysis principles and methods.
  • K0150: Knowledge of enterprise incident response program, roles, and responsibilities.
  • K0329: Knowledge of statistics.
  • S0021: Skill in designing a data analysis structure (i.e., the types of data your test must generate and how to analyze those data).
  • S0038: Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  • S0060: Skill in writing code in a currently supported programming language (e.g., Java, C++).
  • S0085: Skill in conducting audits or reviews of technical systems.
  • S0256: Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.
  • S0359: Skill to use critical thinking to analyze organizational patterns and relationships.
  • A0009: Ability to apply supply chain risk management standards.
  • A0040: Ability to translate data and test results into evaluative conclusions.
  • A0045: Ability to evaluate/ensure the trustworthiness of the supplier and/or product.
  • A0106: Ability to think critically.
  • A0117: Ability to relate strategy, business, and technology in the context of organizational dynamics.
  • A0118: Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
  • A0119: Ability to understand the basic concepts and issues related to cyber and its organizational impact.
* NSA/DHS Center of Excellence (CAE) KUs Addressed
  • Basic Data Analysis
  • Basic Scripting or Introductory Programming
  • Probability and Statistics
  • Industrial Control Systems

* Most courseware content maps to NIST NICE Cybersecurity Workforce Framework (NCWF) Knowledge, Skills, and Abilities (KSAs) and/or NSA/DHS CAE Knowledge Units (KUs). For more information on KSAs and KUs, please visit:

KSAs: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

KUs: https://www.iad.gov/NIETP/documents/Requirements/CAE-CD_2019_Knowledge_Units.pdf