NORTHERN OIL & GAS, INC. 10-K Cybersecurity GRC - 2024-02-23

Page last updated on July 16, 2024

NORTHERN OIL & GAS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 16:28:31 EST.

Filings

10-K filed on 2024-02-23

NORTHERN OIL & GAS, INC. filed a 10-K at 2024-02-23 16:28:31 EST
Accession Number: 0001104485-24-000045

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have a cybersecurity program to identify, monitor, and mitigate cybersecurity risks. The security program consists of formal roles and responsibilities for information security and incident response, and is overseen by our IT Steering Committee, which consists of key executives and employees, with guidance from our third-party cybersecurity vendor. Our enterprise risk management program considers cybersecurity risks alongside other company risks, and we consult with subject matter experts to gather information necessary to identify cybersecurity risks, evaluate their nature and severity, as well as identify mitigations and assess the impact of those mitigations on residual risk. In addition to continuous cyber monitoring, the IT Steering Committee participates in quarterly updates with cybersecurity experts which include reports from these experts on identification of new cyber risks and threats, reported vulnerabilities, trend analysis on attack vectors, and monitoring of risk mitigation activities. Management provides cybersecurity program briefings to the Audit Committee on at least an annual basis, and more frequently if circumstances warrant. These briefings include assessments of cyber risks, the threat landscape, updates on any incidents, and reports on NOG’s investments in cybersecurity risk mitigation and governance. We have a formal IT Security Policy to provide appropriate governance over information security including control requirements for change management and patching, multifactor authentication, data backup, security monitoring, mobile device management and asset management. Management performs annual testing of security controls and results are reported to the Audit Committee. In addition, management has a formal incident response plan and has contracted with a cybersecurity operations vendor to provide 24x7 monitoring/management of our infrastructure and systems. The incident response plan addresses the lifecycle of incidents including identification, response and recovery, and the plan is tested at least annually. In addition, we carry insurance that provides protection against the potential losses arising from a cybersecurity incident. Management maintains an inventory of third parties and completes an annual third-party cyber risk assessment. In addition, employees participate in mandatory annual cyber training and management conducts routine social engineering tests to monitor employees’ awareness of cyber risks and to train employees on how to identify potential cybersecurity risks. In the last fiscal two years, we have not experienced any material cybersecurity breach incidents. For additional information about our cybersecurity risks, please see “Item 1A. Risk Factors - We depend on computer and telecommunications systems, and failures in our systems or cybersecurity attacks could significantly disrupt our business operations.”


Company Information

NameNORTHERN OIL & GAS, INC.
CIK0001104485
SIC DescriptionCrude Petroleum & Natural Gas
TickerNOG - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30