Asset Entities Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

Asset Entities Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 17:23:15 EDT.

Filings

10-K filed on 2025-03-31

Asset Entities Inc. filed a 10-K at 2025-03-31 17:23:15 EDT
Accession Number: 0001213900-25-026431

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management and Strategy The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity , and availability of our data. We maintain cybersecurity insurance coverage that provides protection against potential losses arising from certain cybersecurity incidents. In addition, we have developed the following processes as part of our strategy for assessing, identifying, and managing material risks from cybersecurity threats. Managing Material Risks and Integrated Overall Risk Management We have integrated cybersecurity risk management into our risk management processes. This integration is intended to ensure that cybersecurity considerations are part of our decision-making processes. We continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. We have adopted the standard 2FA (two factor authentication) for all our eData access (emails, online storage, etc.). In addition, all our applications and third-party applications have timed, authentication and environmental disposable cookie processes that force every user to reauthenticate their credentials. Our business transactional data includes dumb access controls that are vendor-specific, a set or specified range of costs, faceless entry point, and a unique 4FA (four factor authentication) process, protecting access to our banking and application systems. Moreover, our commitment to data security extends beyond industry standards through the implementation of advanced access controls. We have developed a sophisticated access control system, referred to as “dumb access controls,” which limits access to only specific vendors within a predefined range of costs. This system operates through a faceless entry point with a unique 4FA process, ensuring that access to sensitive banking or application systems is strictly controlled and virtually nonexistent for unauthorized entities. These comprehensive security measures not only protect our business transactional data but also uphold the integrity and confidentiality of our systems and information assets. 34 Engaging Risk Management Systems and Third-Party Consultant Recognizing the complexity and evolving nature of cybersecurity threats, we use risk management systems developed and tested by external experts, including cybersecurity assessors, consultants, and auditors. These risk management systems enable us to leverage specialized knowledge and insights as part of our cybersecurity strategies and processes. These systems are assessed and maintained with the assistance of third-party service providers, including a Technology Consultant engaged by the Company. Overseeing Third-Party Risk Because we are aware of the risks associated with third-party service providers, we implement processes to oversee and manage these risks. We conduct thorough security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes regular assessments by our Chief Technology Officer. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties. Risks from Cybersecurity Threats We have not encountered cybersecurity challenges that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Governance Board of Directors Oversight Our board of directors oversees the management of risks associated with cybersecurity threats. Management’s Role Managing Risk The Company’s Chief Technology Officer, Chief Operating Officer, and Technology Consultant are primarily responsible for assessing, monitoring and managing our cybersecurity risks. Our Chief Technology Officer must ensure that all industry standard cybersecurity measures are functioning as required to prevent or detect cybersecurity threats and related risks. The Chief Technology Officer provides briefings on cybersecurity threats and related risks to our Chief Executive Officer on a regular basis. Our Chief Technology Officer has nine years of experience in the field of information technology. The Chief Technology Officer oversees and tests our compliance with standards, remediates known risks, and leads our employee training program. The Company’s Chief Technology Officer and Technology Consultant have extensive experience in cybersecurity and possess the necessary knowledge, skills, background, and experience. Monitoring Cybersecurity Incidents The Company’s Chief Technology Officer and Technology Consultant are continually informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. The Chief Technology Officer and Technical Consultant implement and oversee processes for the regular monitoring of our information systems. This includes the deployment of industry-standard security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the Chief Technology Officer and Technical Consultant will implement an incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Reporting to Board of Directors Significant cybersecurity matters, and strategic risk management decisions, will be escalated to the board of directors. 35

Company Information