-Software quality assurance (SQA) is an important part of the software development process. SQA helps to ensure that standards, processes and procedures are appropriate for the project and are implemented correctly. SQA encompasses software quality control, which employs operational techniques that help to ensure that the project produces the required deliverable or product.
-The adverse impact of a security threat or event can be described in terms of loss or degradation of confidentiality, integrity, and/or availability (Stoneburner et al., 2002). The impact levels focus on the potential impact and magnitude of harm that the loss of CIA would have on CDC’s operations, assets, or individuals. By assessing the value of information assets, an organization is better able to determine which information assets are the most critical to the success of the organization.
-A software quality assurance plan that is inclusive of security requirements, controls, and processes may serve as a safeguard or countermeasure protecting the security of the organization’s information systems.
-IT governance allows for upper management support and delegation of decision rights to quality assurance and security personnel, who help to ensure that IT objectives and investments are in alignment with business objectives. A software quality assurance plan should be in alignment with an organization’s overall business goals and consist of quality control activities throughout the systems development lifecycle that not only ensure that the right product is being built but also ensure that security requirements are met and security risks are mitigated.