Page last updated on July 16, 2024
Cinemark Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-16 06:46:15 EST.
Filings
10-K filed on 2024-02-16
Cinemark Holdings, Inc. filed a 10-K at 2024-02-16 06:46:15 EST
Accession Number: 0000950170-24-016143
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk Management and Strategy. The Company has developed an information security program to address material risks from cybersecurity threats. The program includes policies and procedures that identify how security measures and controls are developed, implemented, and maintained. Risk-based analysis and judgment, along with a recognized security framework, are used to select security controls to address risks. During this process, the following factors, among others, are considered: likelihood and severity of risk, impact on the Company and others if a risk materializes, feasibility and cost of controls, and impact of controls on operations and others. Specific controls that are used to some extent include endpoint threat detection and response (EDR), identity and access management (IAM), privileged access management (PAM), logging and monitoring involving the use of security information and event management (SIEM), multi-factor authentication (MFA), firewalls and intrusion detection and prevention, and vulnerability and patch management. Third-party security firms are used in different capacities to provide or operate some of these controls and technology systems, including cloud-based platforms and services, as well as a security operations center. For example, third parties are used to conduct assessments, such as vulnerability scans and penetration testing. The 19 Company uses a variety of processes to address cybersecurity threats related to the use of third-party technology and services, including pre-acquisition diligence, imposition of contractual obligations, and performance monitoring. The Company has a written incident response plan and conducts tabletop exercises to enhance incident response preparedness. Business continuity and disaster recovery plans are used to prepare for the potential for a disruption in technology we rely on. The Company is a member of an industry cybersecurity intelligence and risk sharing organization. Employees undergo security awareness training when hired and annually. The Company (or third parties it relies on) may not be able to fully, continuously, and effectively implement security controls as intended. As described above, we utilize a risk-based approach and judgment to determine the security controls to implement, and it is possible we may not implement appropriate controls if we do not recognize or underestimate a particular risk. In addition, security controls, no matter how well designed or implemented, may only mitigate and not fully eliminate risks. And events, when detected by security tools or third parties, may not always be immediately understood or acted upon. Additionally, in Item 1A Risk Factors , under the heading of Risk Related to Information Security and Business Disruptions, forward-looking cybersecurity threats that could have a material impact on the Company are discussed. Those sections of Item 1A Risk Factors should be read in conjunction with this Item 1C Cybersecurity . Governance . The Chief Technology Officer (CTO) is the management position with primary responsibility for the development, operation, and maintenance of our information security program. The Company’s CTO, Doug Fay, has served as the Chief Technology Officer & Sr. Vice President for Cinemark since August 2006. Mr. Fay has a background in software engineering and application architecture and has worked in the information technology field since the early 1990s. The CTO routinely reviews risks and security measures and meets monthly with the general counsel, CFO, and Global Controller to review security measures and risks. Oversight of the information security program at the Board level sits with Audit Committee. Presentations regarding security measures and risks to the Audit Committee occur semi-annually. The Company’s incident response plan defines the process for escalating incidents based on level of severity to the management team and Audit Committee.
Item 1C Cybersecurity . Governance . The Chief Technology Officer (CTO) is the management position with primary responsibility for the development, operation, and maintenance of our information security program. The Company’s CTO, Doug Fay, has served as the Chief Technology Officer & Sr. Vice President for Cinemark since August 2006. Mr. Fay has a background in software engineering and application architecture and has worked in the information technology field since the early 1990s. The CTO routinely reviews risks and security measures and meets monthly with the general counsel, CFO, and Global Controller to review security measures and risks. Oversight of the information security program at the Board level sits with Audit Committee. Presentations regarding security measures and risks to the Audit Committee occur semi-annually. The Company’s incident response plan defines the process for escalating incidents based on level of severity to the management team and Audit Committee.
Company Information
Name | Cinemark Holdings, Inc. |
CIK | 0001385280 |
SIC Description | Services-Motion Picture Theaters |
Ticker | CNK - NYSE |
Website | |
Category | Large accelerated filer |
Fiscal Year End | December 30 |