cisa-d4-operations-resilience-it-components

IT Components

isaca-cisa · framework · Production-ready

Drawn fromCISA Review Manual · ISACA peer-reviewed case sets·Reviewed May 4, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is IT Components

IT Components are the discrete hardware, software, firmware, and network building blocks that collectively constitute an organization's information systems. They include physical assets (servers, storage arrays, networking switches, routers, firewalls, end-user devices), software assets (operating systems, middleware, applications, databases), virtual and cloud assets (VMs, containers, cloud services, microservices), and the interconnections between them. Critically, IT components are not isolated pieces of equipment or code — they are an interdependent system whose relationships determine how reliably business operations run. Understanding IT components means understanding both what each element does and how its failure or degradation propagates to everything connected to it.

Where it stops · what it isn't

—IT Components ARE: servers, storage, networking gear, operating systems, applications, databases, virtual machines, containers, cloud services (IaaS/PaaS/SaaS), firmware, APIs, and their configuration states and interdependencies.
—IT Components are NOT: the business processes they enable (business architecture), the data they process (data governance), or the people who operate them (IT organizational structure and workforce competencies).
—IT Components are NOT synonymous with IT Assets in the accounting sense — the component view emphasizes operational relationships and dependency chains, not book value or depreciation schedules.
—Emerging component types — serverless functions, edge compute nodes, IoT devices — are in scope; the boundary expands as new infrastructure paradigms are adopted.
—Component monitoring and performance management are in scope at a conceptual level; detailed operational procedures for monitoring tools are covered in the Systems Availability and Capacity Management cubelet.

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

PART OF

Information Systems Operations and Business Resilience (ISACA-CISA Domain 4)

ENABLES

Systems Availability and Capacity ManagementSystem and Operational Resilience and Disaster Recovery PlansBusiness Continuity and Disaster Recovery Planning (RTO/RPO targets depend on component redundancy and architecture)

REQUIRES

IT Asset Management (inventory and lifecycle foundation)

RELATED TO

System InterfacesDatabase ManagementEnd-user Computing and Shadow IT

CONSTRAINS

Enterprise Architecture decisions (component choices constrain architectural options)

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.