In February 2026, the Federal Financial Institutions Examination Council (FFIEC) updated their IT Examination Handbook to remove all references to reputation risk. What has changed and what do these updates mean for your financial institution? Let’s take a look.
What counts as an information asset? How do you evaluate risk at the information asset level? If you’ve asked any of those questions, this guide walks you through an asset-based risk assessment approach.
On September 16, 2025, the National Credit Union Administration (NCUA) announced an update to their Automated Cybersecurity Examination Toolbox (ACET). Here’s an overview of what’s new.
On September 1, 2025, Texas Senate Bill 2610 (SB 2610) went into effect. This new law was designed to support small businesses by creating a legal “safe harbor” for those that proactively adopt strong cybersecurity practices. Here’s what you need to know.
A cybersecurity control self-assessment is a process in which an organization benchmarks its own security practices against established standards. But what does that mean exactly?
Learn the complementary, but distinct differences between a risk assessment and a cybersecurity assessment, and how they both contribute to understanding an organization’s security posture.
The NIST Cybersecurity Framework (CSF) is a widely adopted, flexible framework that can help organizations assess their cyber readiness. You might find yourself asking questions like "Where do I start?" This blog is here to walk you through those common questions.
With the FFIEC retiring the CAT, we surveyed 400+ financial institutions to reveal how they plan to transition and which cybersecurity frameworks they prefer next.
On April 8, 2025, a final rule from the DOJ went into effect on the security of personal and government related data. While this rule applies broadly, let's take a look at the terms and requirements as they relate to financial institutions.
The Department of Justice recently finalized a new rule requiring anyone who is performing "restricted transactions" to implement a Data Compliance Program by October 6, 2025. Let's take a look at how you can build this Data Compliance Program with Tandem.
Learn the capabilities and limitations of AI, as well as the current cybersecurity threats and applicable controls.
