Which framework aligns IT risks with business objectives for executive leadership?

The chosen answer effectively highlights COBIT as the framework designed to align IT risks with business objectives, making it particularly suited for executive leadership. COBIT, which stands for Control Objectives for Information and Related Technologies, provides a comprehensive structure for governance and management of enterprise IT. It translates complex IT concepts into language that business leaders can understand and use to make informed decisions related to risk management.

By focusing on governance, measurability, and continuous improvement, COBIT specifies how to integrate IT risk assessments into the broader goals of the organization. This alignment is crucial for executives to understand how IT risks may impact business objectives, enabling them to make strategic decisions that support the organization's overall mission.

The other frameworks mentioned, while valuable in their own right, do not specifically prioritize the alignment of IT risk with business objectives in the same way COBIT does. For instance, ISO standard 15408, also known as the Common Criteria, is primarily focused on evaluating security properties of software and systems, rather than providing a governance framework. NIST 800-61 is focused on computer security incident handling and response strategies, and NIST 800-53 offers a catalog of security controls for federal information systems, which is more technical and less directed at executive-level governance. Therefore