This principle corresponds to the CSF application stating that CSF profiles support flexibility in
content and structure, because both emphasize the need for tailoring the governance system to the
specific context and requirements of the enterprise12. The CSF profiles are based on the enterprise’s
business drivers, risk appetite, and current and target cybersecurity posture3. The COBIT 2019 design
factors are a set of parameters that influence the design and operation of the governance system,
such as enterprise strategy, size, culture, and regulatory environment4.
Reference: 1: COBIT | Control Objectives for Information Technologies | ISACA 2: COBIT 2019
Framework – ITSM Docs - ITSM Documents & Templates 3: Framework Documents | NIST 4:
Introduction to COBIT Principles - Testprep Training Tutorials
