Liberty TripAdvisor Holdings, Inc. 10-K Cybersecurity GRC - 2024-02-16

Page last updated on April 11, 2024

Liberty TripAdvisor Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-16 17:27:30 EST.

Filings

10-K filed on 2024-02-16

Liberty TripAdvisor Holdings, Inc. filed an 10-K at 2024-02-16 17:27:30 EST
Accession Number: 0001558370-24-001313

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C in their 2023 Form 10-K filed on February 16, 2024. I-35 Table of Contents Governance Role of the Board of Directors Our Board of Directors has overall responsibility for risk oversight and has delegated to the Audit Committee primary enterprise risk oversight responsibility, including privacy and cybersecurity risk exposures, policies and practices, the steps management takes to detect, monitor and mitigate such risks and the potential impact of those exposures on our business, financial results, operations and reputation. The Audit Committee receives quarterly updates on the enterprise risk management program, including cybersecurity risks and the initiatives undertaken to identify, assess and mitigate such risks. This cybersecurity reporting may include threat and incident reporting, vulnerability detection reporting, risk mitigation metrics, systems and security operations updates, employee education initiatives, and internal audit observations, if applicable. In addition to the efforts undertaken by the Audit Committee, the full Board of Directors regularly reviews matters relating to cybersecurity risk and cybersecurity risk management. Any material cybersecurity events would be brought to the attention of the full Board of Directors once the event is deemed material. We additionally use our incident response framework as part of the process we employ to keep our management and Board of Directors informed about and monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Role of Management Through our services agreement with Liberty Media, we have established a cross functional Information Security Steering Committee ( ISSC ) with executives from our Legal, Accounting, Internal Audit and Risk Management, Cybersecurity and Facilities departments. The ISSC has management oversight responsibility for assessing and managing technology and operational risk, including information security, fraud, vendor, data protection and privacy, business continuity and resilience, and cybersecurity risks at the corporate level. The ISSC receives regular reports and updates from Tripadvisor regarding their cybersecurity risk management activities and, if any, incidents that have occurred. Tripadvisor also has executive oversight committees responsible for assessing and managing cybersecurity risk as part of their enterprise risk management and compliance programs. Tripadvisor has designated the Compliance Committee and Chief Compliance Officer ( CCO ) with day-to-day management and oversight of corporate compliance initiatives, including cybersecurity. The Tripadvisor Compliance Committee consists of, among others, the Chief Financial Officer, Chief Legal Officer and CCO. The CCO has further established an Information Governance and Privacy Committee responsible for oversight of privacy and cybersecurity risks. The Information Governance and Privacy Committee consists of the Chief Information Security Officer ( CISO ) and CCO, as well as representatives from engineering, product development and data privacy. The Information Governance and Privacy Committee meets regularly to discuss and monitor information uses and governance and risks associated with Tripadvisor s information assets, including prevention, detection, mitigation and remediation of risks from cybersecurity threats. Our management team s experience includes a diverse background in telecom and other industries, with decades of experience in various aspects of cybersecurity. Liberty Media s Head of Cybersecurity has more than 25 years of cybersecurity and information technology experience and holds Certified Information Security Manager and Certified in Risk and Information System Control certifications. Tripadvisor s CISO is a Certified Information Security Systems Professional with more than 15 years of experience in building and leading information security teams. Both have worked at a variety of companies, including large publicly-traded companies, implementing and managing IT and cybersecurity programs and teams, developing tools and processes to protect internal networks, customer payment systems and telecommunications networks used by customers to transmit data.

Company Information