Which governance framework assists organizations in incident management by providing explicit controls?

The correct choice focuses on how the COBIT framework provides explicit controls that assist organizations in managing incidents effectively. COBIT, which stands for Control Objectives for Information and Related Technologies, is designed to help organizations develop, implement, and keep their IT governance aligned with business goals. Its framework emphasizes a comprehensive set of management and governance controls, including risk management and incident response, ensuring that organizations can systematically address and mitigate the impact of incidents.

The explicit controls offered by COBIT help organizations establish clear policies and procedures tailored to their specific needs, making it easier to manage incidents when they occur. This structured approach enables organizations to not just handle incidents but also assess their impact, reevaluate processes, and strengthen their overall governance in relation to information technology.

While frameworks like ITIL and ISO/IEC 20000 also support incident management, they do so more with a focus on service management and quality in IT services rather than providing a robust governance structure with explicit controls. NIST provides guidelines and standards, especially in a cybersecurity context, but it does not serve as a governance framework in the same capacity as COBIT does.