Which framework is created and maintained by ISACA to frame IT risk from a business leadership perspective?

The framework created and maintained by ISACA that frames IT risk from a business leadership perspective is COBIT (Control Objectives for Information and Related Technologies). This framework is designed to provide a comprehensive approach to governance and management of enterprise IT, aligning IT goals with business objectives. COBIT emphasizes the importance of risk management as a crucial element of successful IT governance, focusing on processes, policies, and best practices that help organizations effectively manage and mitigate IT-related risks.

COBIT enhances communication between IT and business leaders by ensuring that IT activities are aligned with the overall goals of the organization, ultimately providing value and mitigating risks associated with technology. The framework also offers maturity models and performance metrics to assess how well IT groups are managing risk and achieving business objectives.

While other frameworks mentioned, such as OWASP and NIST 800-53, are vital in their respective areas (application security and security controls for information systems), they do not encompass the broader business leadership perspective on IT risk, which is central to COBIT's mission. The Carnegie-Mellon Software Engineering Institute also does not specifically focus on framing IT risk from a business viewpoint but is more concerned with software development practices and methodologies. Thus, COBIT stands out as the framework that effectively articulates the linkage between