Armlogi Holding Corp. 10-K Cybersecurity GRC - 2024-09-26

Page last updated on September 26, 2024

Armlogi Holding Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-26 08:00:22 EDT.

Filings

10-K filed on 2024-09-26

Armlogi Holding Corp. filed a 10-K at 2024-09-26 08:00:22 EDT
Accession Number: 0001213900-24-081967

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We promote a company-wide culture of cybersecurity risk management to ensure that cybersecurity risk considerations are an integral part of decision-making at every level. We have implemented cyber defenses to safeguard our information systems and protect the confidentiality, integrity and availability of our data. We continuously evaluate and refine our cybersecurity risk management practices to ensure they align with our business objectives and operational needs. Our cybersecurity risk management program is comprehensive in scope and covers the systems supporting our business. Our cybersecurity risk management program includes: ● Risk Identification : We maintain an updated inventory of critical digital assets and leverage internal assessments and external threat intelligence to monitor and protect against emerging threats. We conduct periodic scans and audits identify vulnerabilities in our systems. ● Risk Assessments : We evaluate cyber threats such as data breaches, ransomware, and insider threats through threat modeling and business impact analysis. Prioritizing risks based on potential operational disruption ensures timely mitigation of critical threats. ● Risk Mitigation : We implement layered security controls, including firewalls, encryption, multi-factor authentication, and network segmentation. Patch management, access controls, and a robust incident response plan ensure proactive risk reduction and rapid recovery from incidents. ● Risk Monitoring and Review : We implement tools to continuously monitor network traffic, system logs, and user activities to detect threats in real-time. Regular audits and metrics help identify gaps, track performance, and strengthen our cybersecurity posture. As of the date of this annual report, we are not aware of any cybersecurity incidents, that have had a materially adverse effect on our operations, business, results of operations, or financial condition. Governance Our board of directors (the “Board”) oversees cybersecurity risk as part of its broader risk management responsibilities. The Board considers cybersecurity a critical component of our organization’s risk management framework. The Board is responsible for approving the cybersecurity strategy, ensuring that sufficient resources are allocated to cybersecurity initiatives, and monitoring compliance with relevant regulations and industry standards. The Board also receives regular updates from management on cybersecurity risks, incidents, and the overall effectiveness of our cybersecurity programs, ensuring alignment between cybersecurity objectives and business goals. Management, along with our Chief Information Security Officer, Larry Chen is responsible for developing the cybersecurity strategy and supervising our cybersecurity risk management program, leading the cybersecurity team and coordinating responses to incidents and breaches, and managing relationships with regulators, auditors, and third-party vendors regarding cybersecurity matters. Our IT and security teams support these efforts by managing day-to-day operations, including threat detection, incident response, patch management, and system monitoring, ensuring that cybersecurity risks are actively managed and mitigated across our Company. The management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal IT and security teams; threat intelligence and other information obtained from governmental, public or private sources; and alerts and reports produced by security tools deployed in the IT environment. Our cybersecurity incident response plan governs our assessment and response upon the occurrence of a material cybersecurity incident, including the process for informing senior management and our Board of Directors. 28

Company Information