Glimpse Group, Inc. 10-K Cybersecurity GRC - 2024-09-30

Page last updated on October 1, 2024

Glimpse Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-30 16:05:39 EDT.

Filings

10-K filed on 2024-09-30

Glimpse Group, Inc. filed a 10-K at 2024-09-30 16:05:39 EDT
Accession Number: 0001493152-24-038786

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Our cybersecurity risk management program is intended to protect the confidentiality, integrity, and availability of our critical IT systems, information and Intellectual Property (IP). Cybersecurity risks are among the risks evaluated and considered by, our broader enterprise risk management program, which is designed to identify, assess, prioritize and mitigate risks across the organization to enhance our resilience and support the achievement of our strategic objectives. Our cybersecurity risk management program is led by our Director of Information Technology, who is principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our detection and response to cybersecurity incidents. Our program includes protocols for preventing, detecting and responding to cybersecurity incidents, and cross-functional coordination, and planning for business continuity and disaster recovery. We rely on our information security management system supported by a set of policies based upon industry frameworks, including the NIST Cybersecurity Framework. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Our cybersecurity risk management program includes: ● Risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment. ● Security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; ● The use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls. ● Cybersecurity awareness training of our employees, incident response personnel, and senior management. ● Cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. ● Third-party risk management process for service providers, suppliers, and vendors. ● We also have a cybersecurity incident response plan for the CIRT to assess and manage cybersecurity incidents, which includes escalation procedures based on the nature and severity of the incident including, where appropriate, escalation to the Board. As part of our overall risk mitigation strategy, we maintain insurance coverage that is intended to address certain aspects of cybersecurity risks; however, such insurance may not be sufficient in type or amount to cover us against claims related to cybersecurity breaches, cyberattacks and other related breaches. As of the date of this report, we do not believe that any risks from cybersecurity threats, have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations or financial condition. Despite our security measures, however, there can be no assurance that we, or third parties with which we interact, will not experience a cybersecurity incident in the future that will materially affect us. For more information on our cybersecurity related risks, see Item IA, “Risk Factors - “Cybersecurity risk.” 24 Governance Our Board has primary responsibility for oversight of our cybersecurity and other information technology risks, including our plans to mitigate cybersecurity risks and to respond to data breaches. The Board receives reports from our Director of Information Technology on cybersecurity matters on as needed basis. These reports can include a range of topics, including our cybersecurity risk profile, the current cybersecurity and emerging threat landscape, the status of ongoing cybersecurity initiatives, incident reports, and the results of internal and external assessments of our information systems. The Audit Committee also annually reviews the adequacy and effectiveness of our information and technology security policies and the internal controls regarding information and technology security and cybersecurity, and periodically receives updates. The Chair of the Audit Committee reports to the full Board on these discussions as appropriate. At the management level, our Director of Information Technology who is experienced in experienced cybersecurity matters, leads our enterprise-wide cybersecurity program, and is responsible for assessing and managing our materials risks from cybersecurity threats. In performing his role, our Director of Information Technology is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through the management of, and participation in, the cybersecurity risk management program and other processes described above, including the maintenance and execution of our cyber incident response plan. Our Director of Information Technology reports to our CFO/COO and to our CEO.

Company Information