# Security Standards

What does Step 3 in NIST 800-30 Rev.1 clarify?

> Vulnerability Identification

Which of the following describes ISO 27003?

> ISMS Implementation

Which standard defines Management System Auditing?

> ISO 27007

Which U.S. standard covers risk assessment?

> NIST SP 800-30

What standard should you consult for managing incident response?

> ISO 27035

What does the acronym GDPR stand for?

> General Data Protection Regulation

PCI DSS is a proprietary information security standard for organisations that handle cardholder data.

> True

ISO 27035 describes incident management.

> True

Which U.S. standard should you consult to guide you in developing security policies?

> NIST SP 800-14

NIST SP 800-30 Rev.1 is a standard for conducting risk assessments.

> True
