Page last updated on September 11, 2024
IF Bancorp, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-11 14:01:27 EDT.
Filings
10-K filed on 2024-09-11
IF Bancorp, Inc. filed a 10-K at 2024-09-11 14:01:27 EDT
Accession Number: 0001193125-24-217171
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY The Company has established an Information Security Program (ISP) and various related policies, controls and procedures, to assess, identify and mitigate risks from cybersecurity threats. The ISP is based on the National Institute of Standards and Technology Cybersecurity Framework. Critical information assets and processes have been identified, and internal and third-party controls have been implemented to prevent and detect external attacks. These controls include computer scanning, intrusion prevention services, firewalls, end-point detection and response, data loss prevention, access controls, internal and external penetration testing, security monitoring, anti-virus, internet content filtering, server event logging, and firewall event management. Publications from FS-ISAC, SANS Institute and US-CERT are reviewed, and alerts are monitored daily. Our Business Continuity Plan includes the documented and tested critical steps required to recover a system or software application in the event of a cybersecurity incident. The ISP is reviewed and modified at least annually, or whenever required to respond to changes in cybersecurity conditions. The Executive Vice President and Information Security Officer, and the Executive Vice President and Chief Operating Officer are primarily responsible for managing the ISP. The Information Technology Committee, whose members include the CEO and senior management from loan operations, deposit operations, and accounting in addition to the EVP Chief Operating Officer and EVP Information Security Officer, provide support and enforcement of the ISP. The Committee meets quarterly to review and approve ISP related policies, procedures, and controls including disaster recovery, incident response, and cybersecurity. The Committee monitors risk management practices and procedures, external vulnerability testing and internal staff information security training and testing. Members are responsible for ensuring compliance with all ISP related policies, controls and procedures within their respective departments or functions. The Board of Directors reviews and approves the ISP. The EVP and Information Security Officer reports to the Board at least annually. The report includes material matters related to the ISP, addressing issues such as risk assessment and management, implementation of internal controls to detect and protect against cybersecurity threats, third-party cybersecurity controls, test results, staff and board training, security breaches or violations and management responses, and recommendations for changes in the ISP. The EVP and Information Security Officer and EVP Chief Operating Officer each have over 20 years’ experience managing information security and cybersecurity programs.
Company Information
| Name | IF Bancorp, Inc. |
| CIK | 0001514743 |
| SIC Description | Savings Institution, Federally Chartered |
| Ticker | IROQ - Nasdaq |
| Website | |
| Category | Non-accelerated filer Smaller reporting company |
| Fiscal Year End | June 29 |