Every organization is formed on a Vision to do something. It sets up certain Objectives to achieve the desired goals of their Vision. To act on those objectives, it inducts Human Resources who can create, perform and manage the deliverables defined by the Objectives. Rules are defined as Business Processes for activities undertaken by the Human Resources.
A large amount of information is created and utilized by the Human Resources to perform the activities, therefore technology is used for activities which could be automated and require least human interaction. Repetitive tasks are designated into Business Applications and the information generated is stored into technology provided Data Store, where it can be easily retrieved when needed. The core technology is based on computers, their storage capability and the intercommunications between several computers. Collectively this is Information and Communications Technology (ICT). These layers of ICT, Data Stores, Business Applications, Business Processes and Human Resources are interdependent and work in cohesion to achieve the Business Objectives and desired Vision. So, it becomes necessary to provide a Housing Facility where these layers could operate seamlessly.
However, all these layers are subject to disruption and may be compromised unless they are robust enough. One has to see each layer in terms of its Reliability, i.e., can this layer be relied upon? What are my Threats?
Any failure of Reliability brings into question the Availability of the layer being disturbed, i.e., how long will this layer be not available? What are my Risks?
And if an event renders a layer compromised then how can the normal state be resumed or Recovered, i.e. do I need to re build? Can I be Resilient?
A logical approach which comes to mind is to provide a protective cover of Security for all these interacting layers. The cover of Security needs constant improvement to shield against any breaches. Similarly, each layer in itself needs sufficient capability in terms of Reliability, Availability and Recoverability.
Therefore, appropriate measure is taken frequently and regularly to maintain the operational aspects of each layer. This leads to managing the layers through a Governance framework, with understanding of Risks involved and Complying to methods defined by rules and standards.