IT
•used to refer to the organizational Input Devices
department with main responsibility for
technology.
Information & Technology
• all the information the enterprise generates,
processes and uses to achieve its goals, as
well as the technology to support that
throughout the enterprise.
Information Technology
• Using computers or computer systems to
manage all this information
• They are used to create, store, retrieve and
transmit data or Information across large
distances.
Information Technology
• The study, or use, of computer systems for
storing, retrieving or sending information’.
(Oxford Dictionary)
• They are used to create, store, retrieve and
transmit data or information across large
distances, thus they have become
indispensable to our 21st century lives.
Why do we need computer?
• We built computers to expand our brains.
• Modern times meant complex problems
with complex solutions. We needed help.
• Computers gave us a way to store, retrieve
and process data.
• Computers process data and carry out
complex calculations within a few seconds.
• They can also be connected to a network
making it possible to share information over
large distances.
How do computers work?
• A computer is an electronic device that can
receive information, perform actions on the
basis of rules and provide an output.
• Using these functions a computer can
access, store, process and relay information
to its user.
• It accepts data, makes changes to it, based
on certain conditions, and displays the
result.
• Computers understand everything in
combinations of 0s and 1s, but also know
how to build complex things out of them.
This is called Binary Code.
• Computers are able to convert these 0s and
1s to mean various things such as in a
game, a web page and even the application.
What’s inside computer?
• A computer, in the same way will ‘listen’ to
its user by accepting an instruction. This is
called providing an Input.
• Input can be given to a computer in a
variety of ways. One can do this by typing
them out on a keyboard, clicking on
something on the screen using a mouse,
speaking through a microphone, etc.
• Devices through which, we can give
instructions to the computer, or interact with
it, are called Input Devices.
Output Devices
• Usually it will display its ‘answer’ or results
back to us by displaying it on the screen, or
executing the command given to it. This is
called the output of the computer. Hence
devices used to share output with the user
are called Output Devices.
Processing
• Between the Input and Output is the crucial
step of Processing.
• Processing takes place in the Central
Processing Unit or the CPU. The CPU uses
the instructions, given to it by the user,
along with the stored instructions in its
memory to give a result.
• You could say that the CPU, along with the
memory units, make up the Processing
stage in the working of a computer.
• As mentioned earlier, The CPU is the main
component of the computer that performs
calculations, actions and runs programs. It
is called the Brain of the computer.
• The CPU further consists of the Control Unit
(CU), the Arithmetical and the Logical Unit
(ALU)
• The ALU Performs all the calculations and
logical operations of the computer,
manipulating numbers in a structured and
purposeful way.
• Computers understand instructions in
combinations of 0s and 1s. Since everything
is expressed in numbers, the Arithmetic and
Logical Unit becomes crucial.
• The Control Unit directs and controls the
operation of the processor. It constantly
communicates with the ALU, the memory
and the Input/Output devices
telling them what to do.
 • The Control Unit directs and controls the
operation of the processor. It constantly
communicates with the ALU, the memory
and the Input/Output devices telling them
what to do.
• The CU reads and interprets instructions.
• ‘It controls information flow from various
devices of the computer and regulates the
timing of the processor’s working.
• Handles multiple tasks of fetching,
decoding, executing and storing results and,
is obviously indispensable to the working of
a computer.
• There are 2 kinds of memory in a computer,
Primary memory and Secondary
memory.
• The Secondary Storage is the unit where all
the computer’s data and instructions are
stored. This is the permanent memory
containing data and programs. It is
rewritable.
• There is another memory called ROM
(Read Only Memory) where essential
instructions related to the startup of the
computer and other vital functions are
stored. It’s not rewritable.
• From the ROM and the Storage, everything
required for immediate use is copied and
stored in the Memory section. This Memory
Is temporary and is called the RAM
(Random Access Memory).
What are computer programs?
• The fundamental use of a computer is to
work for us, to carry out our instructions.
• The computer will execute exactly as it is
instructed to; hence, the task must be
explained in a series of detailed steps. So, a
computer program, in simple terms, is a list
of instructions for the computer to perform.
• All the programs used by a computer are
collectively called software and all the
tangible components of a computer are
called hardware.
Programming Language
• Instructions are written to the computer in a
language that is partly English and partly
contains connotations understandable by a
machine.
• Cannot be directly understood by the
computer, it has to be translated into Binary
Code before execution
• This translation stage is called Compiling
and is done by a program called a
Compiler.
Computer Networking
Resource Sharing
• As computers become more compact, they
were produced in large numbers and
gradually they became cheaper in the
market.
• Pretty soon companies and workspaces had
multiple computing devices. It then became
useful to share data and resources amongst
a network of machines.
• It was cheaper to have a large, shared
storage drive and have one common printer
among multiple computer systems
Connecting People
• They existed mainly to allow the sharing of
data and resources within a single
workspace
Computer network
• basically, is a group of two or more
computing devices, connected using a
telecommunications network, allowing them
to share data and resources.
IT Risk Defined
1. The combination of the probability of an
event and its consequence.
2. The business risk associated with the
adoption and use of information technology.
3. Risk is a function of the likelihood of a given
threat-source’s exercising a particular
potential vulnerability and the resulting
impact of that adverse event on the
organization
“An event, that, if it occurs can affect enterprise
goal achievement “
Types of Risks
Strategic Risk
• risks that involve future business plans and
strategies
Operational Risk
• potential losses caused by failed processes,
policies, systems or events that disrupt
business operations.
Portfolio Risk
• risks related to IT achieving its objectives in
optimizing business value
Project Risk
• involving acquisition, procurement or
funding including risk concerning the
people, cost, technical aspects and
resources of the project
Risk Ownership Digital transformation
Risk • Organizations are adopting digital
• The potential of undesirable or unfavorable technology at a rapid pace, this is a positive
outcome from a given action transformation but while this is generating
Threat new opportunities, it is also creating new
• Natural, environmental, or human event that risks. Adopting advanced technology can be
could cause harm an enabler or a distractor but all have risks.
Vulnerability High velocity IT
• A weakness that could be exploited by a • Organizations are transforming at a break
threat next speed. Agile and DevOps are hot
Inherent Risk topics today in this fast-paced and high
• The level of risk before security measure velocity environment. For most
are applied organizations these aggressive deployment
Residual risk techniques can often evolve so fast that
• The level of risk after security measures are they can create critical vulnerabilities.
applied Aggressive compliance requirements
Risk appetite • Growth of laws, rules and regulations
• The amount of risk an entity is willing to internationally. This is tipping the scale
accept in pursuit of its mission between performance and compliance or
Risk tolerance performance. It forces some organizations
• How much undesirable outcome the risk to become checklist compliant and not focus
taker is willing to accept on the risk-based scenarios that the
company actually faces.
Risk Governance Global disruptions (pandemic)
• Ensure that IT related enterprise risk does Political and social landscape
not exceed risk appetite and risk • Increasing sensitivity to political factors are
tolerance creating extreme social and political
Risk Management divisions that are seemingly non-negotiable.
• Continually identify, assess and reduce IT • In addition, the ease of using social media
risk within the tolerance levels set or web to quickly spread information
by the enterprise whether real or not too many people
instantly are numerically high. This again
maybe creating more vulnerabilities.
Global climate concerns
• Global climate concerns put pressure on
nations and companies to become more
environmentally friendly and this contrived
many decisions that the organization
makes.

Types of Emerging Risk

Cyber threat sophistication
• Although organizations are getting better at
cyber defense, the bad actors are also
becoming increasingly sophisticated in their
tactics, techniques and procedures. Cyber
criminals are successful in large part
because many organizations are not
carrying out due diligence in addressing the
problems.