Vulnerability and patch management are essential for maintaining security-leaving vulnerabilities unaddressed is like leaving your front door wide open. But how quickly must you patch to remain secure and compliant? Let's break it down.
When IT assets hit their sunset phase, most people would rather be anywhere else. But if you work for a financial institution, managing IT asset end-of-life (EOL) isn’t just a good idea; it’s a requirement.
How can you handle EOL without the stress? Let’s take a look.
On Tuesday, October 24, 2023, regulators published an updated version of the Ransomware Self-Assessment Tool (R-SAT). In this blog, we’ll discuss what the R-SAT is, what got updated, and what you need to do about it.
The purpose of this article is to put policies into a 360-degree mirror and shed some light on a few areas which may need a little care.
In this article, we will look at the top features to consider when evaluating a policies software solution, including features related to policy wording and structure, custom policies and categories, creating an acceptable use policy, download documents, and more.
This article looks at the NCUA's Cyber Incident Notification Rule, including the final rule's development, key details, and required actions for credit unions.
This article is an introduction to the new requirements released by Freddie Mac, as well as a summary of what’s new, what’s changed, and what you may need to do about it.
This article will tell you what you can expect in your 2023 exam and take you through a bit of the history of each acronym.
In this article, we answer the question, "What’s the difference between policies, standards, controls, and procedures?" by setting definitions, looking at guidance, and providing some examples.
There are a lot of ways to write a policy and there are equally as many things to avoid. At Tandem, when we sit down to write a policy, we break our policies into the following key sections.
While Boost’s practices vary from client-to-client, based on things like the institution’s size, risk, and complexity, their practices can be summed up in six steps.
