NORTHERN OIL & GAS, INC. 10-K Cybersecurity GRC - 2025-02-20

Page last updated on February 20, 2025

NORTHERN OIL & GAS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-20 16:06:23 EST.

Filings

10-K filed on 2025-02-20

NORTHERN OIL & GAS, INC. filed a 10-K at 2025-02-20 16:06:23 EST
Accession Number: 0001104485-25-000039

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have a cybersecurity risk management program to identify, monitor, and mitigate cybersecurity risks. The program consists of formal roles and responsibilities for information security and incident response, and is overseen by our IT Steering Committee , which consists of key executives and employees with guidance from our third-party cybersecurity vendor. Our enterprise risk management program considers cybersecurity risks alongside other company risks, and we consult with our cybersecurity vendor to gather information necessary to identify cybersecurity risks, evaluate their nature and severity, as well as identify mitigations and assess the impact of those mitigations on residual risk. In addition to continuous cyber monitoring, the IT Steering Committee participates in quarterly cyber updates with our cybersecurity vendor, which includes identification of new cyber risks and threats, reported vulnerabilities, trend analysis on attack vectors, and monitoring of risk mitigation activities. The Audit Committee has ultimate oversight of cybersecurity risks and our cybersecurity risk management program. Management provides cybersecurity program briefings to the Audit Committee on at least an annual basis, and more frequently if circumstances warrant. These briefings include assessments of cyber risks, the threat landscape, updates on any incidents, and reports on our investments in cybersecurity risk mitigation and governance. Management utilizes the National Institute of Standards and Technology (NIST) Cybersecurity Framework as a guideline to manage our cybersecurity risks and inform the Audit Committee on the overall progress of our information security program. We have a formal IT Security Policy to provide appropriate governance over information security including control requirements for change management and patching, multi-factor authentication, data backup, security monitoring, mobile device management and asset management. Management performs annual testing of security controls, including penetration testing from a different cybersecurity vendor that is independent of both our Company and the cybersecurity vendor that provides guidance on our overall cybersecurity program, and results are reported to the Audit Committee. In addition, management has a formal incident response plan and our cybersecurity vendor provides 24x7 monitoring/management of our infrastructure and systems. The incident response plan addresses the lifecycle of incidents including identification, response and recovery, and the plan is tested at least annually. In addition, we carry insurance that provides protection against the potential losses arising from cybersecurity incidents. Management maintains an inventory of third parties (e.g., vendors, consultants, etc., from whom we may face cybersecurity risk in connection with our relationship) and completes an annual third-party cyber risk assessment. In addition, employees participate in mandatory annual cybersecurity training and management conducts routine social engineering tests to monitor employees’ awareness of cyber risks and to train employees on how to identify potential cybersecurity risks. In the last two fiscal years, we have not experienced any material cybersecurity breach incidents . For additional information about our cybersecurity risks, please see “Item 1A. Risk Factors - We depend on computer and telecommunications systems, and failures in our systems or cybersecurity attacks could significantly disrupt our business operations.”

Company Information