Magyar Bancorp, Inc. 10-K Cybersecurity GRC - 2024-12-19

Page last updated on December 19, 2024

Magyar Bancorp, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-19 16:07:21 EST.

Filings

10-K filed on 2024-12-19

Magyar Bancorp, Inc. filed a 10-K at 2024-12-19 16:07:21 EST
Accession Number: 0001174947-24-001365

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity The Board of Directors and Information Security Officer are responsible for overseeing the Information Security Program. The Board of Directors receives reports from, and oversees, IT Risk Assessment, Cybersecurity Risk Assessment, Annual IT Program Status Report, Vendor Management Risk Assessment, and Internal Vulnerability Reports and current Cyber Events briefings. The Board of Directors also makes budgeting, procedure, and policy decisions designed and intended to improve the Company’s residual risk. The Technology and Security Committee consists of the Company’s senior management, the IT Management, and business unit management. The primary function of the Technology and Security Committee is to perform Strategic Planning, discuss hardware and software replacement, new projects, current cybersecurity threats, and ongoing cybersecurity issues and threats. The IT Director provides an IT status report to the Board of Directors on a Monthly basis. The Company has adopted an Incident Response Plan (the “Plan”) to monitor, detect, mitigate and remediate cybersecurity incidents. The Plan requires that business unit management have a working knowledge of the Company’s Information Security Program and Incident Response Policies. Pursuant to the Plan, the IT Director identifies information owners for sensitive customer information and creates an incident response team. Each Department Manager, upon notification of a potential unauthorized access, manipulation of data or theft of any item identified under the Gramm-Leach-Bliley Act (the “GLBA”) Inventory and Asset Classification, is responsible for further assessing the situation in order to document the suspected or actual breach, and forward the appropriate documentation to IT Management. The documentation of the suspected or actual incident includes the following: (a) Identify the nature and scope of the incident; (b) Identify the information systems affected; (c) Identify the types of customer information potentially affected. Once the Incident Response Team has determined that unauthorized access, manipulation of data or theft of any item identified under GLBA Inventory and Asset Classification has occurred, Executive Management, the Information Security Officer, the Compliance Officer and the Information Technology Management must be contacted immediately. If theft of any item identified under GLBA Inventory and Asset Classification has occurred, and it cannot be determined what specific information was included on the Asset, the Asset is treated as if it contained sensitive customer information and Senior Management, the Information Security Officer, the Compliance Officer and Information Technology Management must be contacted immediately. If Management declares an incident or if there is a confirmed theft or loss of customer information, appropriate regulatory authorities, law enforcement, and legal counsel are notified. 18 During the fiscal year ended September 30, 2024, the risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected the Company, its business strategy, results of operations, or financial condition.


Company Information

NameMagyar Bancorp, Inc.
CIK0001337068
SIC DescriptionSavings Institution, Federally Chartered
TickerMGYR - Nasdaq
Website
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndSeptember 29