Which frameworks are commonly used for compliance in information security?

Master the CISSP Domain 7 Compliance Maintenance Test. Enhance your cybersecurity skills with comprehensive questions and detailed explanations. Prepare for your exam effectively!

The correct choice highlights frameworks that are specifically designed for compliance in information security. ISO/IEC 27001 is an internationally recognized standard that outlines the requirements for an information security management system (ISMS), ensuring that organizations systematically manage sensitive information to keep it secure.

NIST SP 800-53 provides a catalog of security and privacy controls for federal information systems and organizations, which is essential for meeting various compliance requirements. Payment Card Industry Data Security Standard (PCI DSS) sets security standards for organizations that handle credit card transactions, establishing guidelines to ensure payment information is secure.

COBIT (Control Objectives for Information and Related Technologies) is an ISACA framework for developing, implementing, monitoring, and improving IT governance and management practices; its control objectives are frequently mapped to regulatory requirements, which helps organizations demonstrate compliance.

The other choices include frameworks and guidelines that, while important in their respective areas, do not primarily serve as compliance frameworks in information security. For instance, SWIFT, KYC, and AML are more focused on financial transactions and regulatory compliance but are not specific to information security standards. ITIL is a framework for IT service management, and Agile and SCRUM pertain to software development methodologies rather than compliance. Lastly, ISO 9001 and TQM relate to quality management systems, while CMMI is
