Which standards are commonly applied in IT security?

The standards commonly applied in IT security include ISO/IEC 27001, NIST SP 800-53, and PCI DSS.

ISO/IEC 27001 is an international standard focusing on information security management systems (ISMS), which help organizations manage and protect their information assets. It provides a framework for establishing, implementing, maintaining, and continuously improving an information security management system, allowing for systematic risk management.

NIST SP 800-53, developed by the National Institute of Standards and Technology, provides a catalog of security and privacy controls for federal information systems and organizations. This catalog helps organizations manage their security risks effectively by offering comprehensive guidance on selecting and implementing security controls.

PCI DSS (Payment Card Industry Data Security Standard) outlines requirements for any organization that stores, processes, or transmits credit card information. Its primary purpose is to protect cardholder data and ensure a secure environment.

These three standards are particularly relevant to IT security because they provide established frameworks and controls that organizations can implement to safeguard their information and assets against threats and vulnerabilities. The other answer options contain frameworks and guidelines that, while relevant to the broader context of IT management and project management, do not specifically focus on IT security.