Regulations
1) Common regulations and frameworks that require phishing and security awareness training:
- PCI DSS
- ISO/IEC 27001 and 27002
- Sarbanes-Oxley (SOX)
- Health Insurance Portability and Accountability Act (HIPAA)
- COBIT
- FACTA – FTC Red Flags Rule
- Gramm-Leach-Bliley Act (GLBA)
- Federal Information Security Management Act (FISMA)
- NERC CIP
2) Common regulations and frameworks that require vulnerability assessments, penetration tests, or automated penetration testing:
- PCI DSS and PA DSS
- SOC 2
- ISO 27001
- HIPAA
- NIST
- GDPR
- CMMC
- OWASP Top 10
- CIS Controls