AURA SYSTEMS INC 10-K Cybersecurity GRC - 2024-06-04

Page last updated on July 16, 2024

AURA SYSTEMS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-04 17:00:41 EDT.

Filings

10-K filed on 2024-06-04

AURA SYSTEMS INC filed a 10-K at 2024-06-04 17:00:41 EDT
Accession Number: 0001213900-24-049745

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management and Strategy The Company’s policies and practices are based on frameworks and standards that address risks through a comprehensive, cross-functional approach that assess, identify, monitor, and mitigate material risks from cybersecurity threats as part of the overall enterprise risk management (“ERM”) process. This includes the collection and storage of data, and being responsive to incidents as they occur. Further, the Company’s processes and technology are utilized to develop, implement, and maintain appropriate measures to safeguard information systems in protecting the integrity, availability, and confidentiality of data. Additionally, the Company engages certain third parties to assist in network monitoring and control testing, among other functions of similar capacity. The Company’s cybersecurity program focuses on the following areas: ● Technological safeguards that are designed to protect the Company’s information systems from cybersecurity threats, including the prevention and detection of systems, access controls, and firewalls, which the Company assesses the vulnerability and cybersecurity threat and makes necessary improvements. ● Utilization of third parties as part of the Company’s risk-based approach in identifying and overseeing cybersecurity risks. ● The Company maintains an incident plan that addresses the Company’s response to a cybersecurity event, which is periodically reviewed and updated. While the Company is working to adopt the National Institute of Standards and Technology (“NIST”) cybersecurity framework, the Company’s on-going investment in information systems and utilization of external 3rd parties represents the best means for extensively testing both the design and operational effectiveness of cybersecurity controls, and to ensure continuity and functionality of the Company’s operating systems. As of the date of this report, the Company has not experienced any material cybersecurity events. However, the presence of new or more advanced forms of cybersecurity threats could have a material and adverse impact on the business, results of operations, and financial position. For further discussion relating to this topic, see Item 1A. Risk Factors “The Company’s information technology systems may be negatively affected by cybersecurity threats.” Governance The Audit Committee of the Board of Director’s has the responsibility of overseeing the Company’s cybersecurity risks. The Chief Financial Officer provides periodic updates to the Board of Director’s regarding actions taken to mitigate the Company’s exposure and protection to cybersecurity risks. Management routinely evaluates the Company’s security processes, procedures, and systems to determine if enhancements are needed to reduce the possibility of a future cybersecurity event. This includes safeguards implemented by the Company, such as a multi-factor authentication process for remote access to systems; restricted firewall settings; network monitoring, email phishing tests, and enhancing the Company’s backup recovery strategy, among others. The IT Director is responsible for assessing, monitoring, and managing the Company’s cybersecurity risks. The IT Director, along with members of management, inform the Audit Committee on cybersecurity risks by providing periodic updates regarding (i) Status of ongoing cybersecurity initiatives and strategies, (ii) The overall state of the Company’s security program and potential exposure to risks, and (iii) Incident reports and learning from any cybersecurity events. Further, the IT Director maintains an open dialog regarding any significant developments in cybersecurity risks, ensuring the Audit Committee’s oversight is proactive and responsive. In addition to periodic updates to the Audit Committee, the IT Director, in his capacity, regularly informs the Chief Executive Officer (“CEO”) and the Chief Financial Officer (“CFO”) regarding matters related to cybersecurity risks and incidents. This ensures the highest level of management are informed of potential risks associated with cybersecurity that could have a material and adverse effect on the Company.

Company Information