CISO Global, Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

CISO Global, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 15:46:27 EDT.

Filings

10-K filed on 2025-03-31

CISO Global, Inc. filed a 10-K at 2025-03-31 15:46:27 EDT
Accession Number: 0001641172-25-001660

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We maintain a comprehensive process for identifying , assessing, and managing material risks from cybersecurity threats as part of our broader risk management system and processes. We obtain input, as appropriate, for our cybersecurity risk management program on the security industry and threat trends from multiple sources. Teams of dedicated security professionals oversee cybersecurity risk management and mitigation, incident prevention, detection, and remediation. Leadership for these teams are professionals with deep cybersecurity expertise across multiple industries, including our Chief Information Security Officer. Our executive leadership team, along with input from the above teams, are responsible for our overall enterprise risk management system and processes and regularly consider cybersecurity risks in the context of other material risks to the company. -29- As part of our cybersecurity risk management system, our incident management teams track and log security incidents across our company and our customers to remediate and resolve any such incidents. Significant incidents are reviewed by a cross-functional working group to determine whether further escalation is appropriate. Any incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment and then reported to designated members of our senior management. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters, and our senior management makes the final materiality determinations and disclosure and other compliance decisions. Our management apprises our independent registered public accounting firm of matters and any relevant developments. The Audit Committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and reports any findings and recommendations, as appropriate, to the full Board for consideration. Senior management regularly discusses cyber risks and trends and, should they arise, any material incidents with the Chief Information Security Officer. Our Chief Information Security Officer is accountable for our overall cybersecurity program in partnership with other business leaders. Our Chief Information Security Officer has extensive experience leading global technology and IT organizations. Team members and outside experts supporting our program have relevant education and information, including security for larger multi-national, publicly traded companies. Our Chief Information Security Officer has leading security certifications, including Certified Information Systems Security Professional (CISSP), memberships in professional associations in the International Information System Security Certification Consortium and Information Systems Security Association, an MBA in Management of Technology, and expertise in private, public and governmental entities. Our information security team remains abreast of the latest cybersecurity advancements, staying informed about potential threats and emerging risk management strategies. This continuous learning is vital for proactively preventing, detecting, mitigating, and remediating cybersecurity incidents. Our information security team is responsible for implementing and supervising processes for ongoing monitoring of our information systems, incorporating advanced security measures and regular system audits to pinpoint vulnerabilities. In the event of a cybersecurity incident, our information security team employs a well-defined incident response plan, comprising immediate actions to minimize impact and long-term strategies for remediation and prevention of future incidents. Our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, including because of previously identified cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity-related risks, see Item 1A Risk Factors of this Annual Report on Form 10-K.

Company Information