Which option is primarily designed to govern IT processes and alignment with business objectives?


Multiple Choice

Which option is primarily designed to govern IT processes and alignment with business objectives?

Explanation:
Governing IT processes and ensuring they align with business objectives requires a framework that focuses on how IT is managed, governed, and measured across the enterprise. This is exactly what CobiT provides: a comprehensive governance and management framework for enterprise IT that defines processes, control objectives, and performance metrics tied to business goals, risk management, and value delivery. It helps ensure IT activities support strategy, optimize resources, and monitor outcomes, giving leadership a clear view of accountability and how IT contributes to the organization’s objectives.

PCI-DSS, on the other hand, is a security standard aimed at protecting payment card data, not a broad governance framework for IT processes. COSO centers on internal control and enterprise risk management with a broader finance/operational focus, and while it informs governance, it isn’t IT-specific. ISO/IEC 27002 offers a catalog of information security controls, which is valuable for security practices but does not provide the governance structure that maps IT processes directly to business objectives.

