Some other components of a business could be leadership, legal and compliant businesses, research and development, and having a plan or strategy. These fit into components of business because in order to run a business you need to have someone who knows what they are doing and are able to make decisions which goes into another component i listed which was having a plan or a strategy. If businesses don’t have a plan or strategy you cant expect your business to be successful, you have to be able to know what works for your business or what doesn’t work. Research and development is an important component of having a business because you have to be able to develop new things for your customers or develop an existing product into something bigger. The last component is having a legal and compliant business. This is important because if you don’t have a business that follows the legal rules or the law you can be shut down, so it’s important to make sure that your not breaking any regulations or laws. IT fits inro an organization because in order to not have any information leaked or to have anything hacked into, you need cybersecurity. It can also help keep track of your data management which makes sure all of your data is accurately collected, stored and analyzed. The roles and responsibilities in IT is, the CEO and they are responsible for making sure the information security management has strategic and operational planning processes but to also make sure the information and systems are used to only support organizational operations and to have proper information when it comes to security, and to make sure we have trained personnel that are following the rules with related information security legislation, policies, directives, instructions and guidelines.  The next role is CIO, the responsibilities for CIO are locating resources that are dedicated to the protection of the systems supporting their organizations missions and business functions, making sure the systems are protected by approved security plans, and that they are authorized to operate, and making sure that we have an organization wide information security program that is being enforced. The next role is the information owner. The responsibilities of being an information owner is to make sure they are establishing rules that follow appropriate use and protection for the subject information and to make sure the system owners in regards to security requirements and security controls needed to sufficiently protect the subject information. The next one is the SAISO (Senior Agency Information Security Officer) this role could also be know as the CISO (Chief Information Security Officer). The responsibilities include managing and enforcing the organization-wide security programs and to make sure to take on the role of authorizing official designated security control assessors when needed. The next role is Common control provider and their responsibilities are documenting the organization-identified common controls in a security plan and ensuring that the required assessments of the common controls are carried out by qualified assessors that have an appropriate level of independence that are defined by that specific organization.  The next role is the system owner, their responsibilities are overseeing the everyday security operations of a system and helping in the development of the security polices and procedures and ensuring that they are complying with the policies and procedures. The next role is information security architect and their responsibilities are serving as the contact between the architect and the ISE (information security engineer) and coordinating with system owners, common control providers, and system security officers on the allocation of security controls. The next is SSE (System Security Engineer) and the responsibilities for designing and developing organizational system and coordinating security-related activities that deal with information security architects, senior agency information, system owners, common control providers, and the SSO ( system security officers). The next role is the security control assessor and their responsibilities are providing as assessment to identify the weaknesses in the systems and its environment of operation, recommending corrective actions to address identified vulnerabilities and preparing a security assessment report containing the results and findings from the assessment. System administrator and the responsibilities are installing, configuring and making sure the hardware and software are updated, establishing and managing user accounts, overlooking backup and recovery tasks, and applying technical security controls. The last role in IT is  the user, the responsibilities for them is to make sure they are sticking to standards that govern the use of organizational systems, and reporting suspicious system behavior. IT itself should be organized by the size of the organization, the industry, the resources, and the goals.