The concepts involved in promoting a mature structure for software platforms and applications can be quite intricate. Enterprises worldwide face challenges related to managing their critical assets, establishing service definitions and service-level agreements (SLAs), and developing a management system to keep track of all their assets.1 Therefore, enterprises must be methodical and examine their asset management capabilities from the perspectives of risk optimization, resource planning, and benefits realization. Considerations include communicating incidents and issues to stakeholders, managing software licenses, adhering to maintenance schedules, and potentially using remote access services for troubleshooting and diagnostic purposes.2, 3 Notably, there is a growing dependence on third parties and a need to ensure the existence of security and privacy controls via administrative and technical safeguards and countermeasures. Ultimately, this means that enterprises need to establish mature inventories of their software platforms and applications and tailor their governance systems based on their strategies, goals, risk profiles, and current IT issues.4, 5
The COBIT® governance framework and the frameworks devised by the US National Institute of Standards and Technology (NIST), the International Organization for Standardization (ISO), and the Center for Internet Security (CIS) can be used to address common issues facing enterprises from the vantage point of governance cybersecurity.6, 7 A combination of strategic, operational and tactical controls can be used to address pain points such as obtaining senior management buy-in and stakeholder engagement and securing business processes via modern technologies and security best practices.8, 9, 10, 11 Subsequently, COBIT’s design factors can be used to replicate real-life scenarios that commonly occur in enterprises.12
