Oblong, Inc. 10-K Cybersecurity GRC - 2024-03-19

Page last updated on April 11, 2024

Oblong, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-19 16:03:56 EDT.

Filings

10-K filed on 2024-03-19

Oblong, Inc. filed an 10-K at 2024-03-19 16:03:56 EDT
Accession Number: 0000746210-24-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have a multilayered framework for detecting, and responding to reasonably foreseeable cybersecurity risks and threats. To protect our information technology ( IT ), systems from cybersecurity threats, we use various tools that help prevent, detect, escalate, investigate, resolve, and recover from identified vulnerabilities and security incidents in a timely manner. In the event of a material change to our systems or operations, we would assess the internal and external threats to the security, confidentiality, integrity, and availability of our data and systems, along with other material risks to our operations. We leverage technical safeguards intended to protect the Company s information systems from cybersecurity threats, including firewalls, threat monitoring, intrusion prevention and detection systems, anti-malware, access controls, privilege management, network segmentation, asset and end point management, and ongoing system security assessments. We oversee third-party service providers by conducting vendor diligence and reviews on a regular basis. We monitor and evaluate our cybersecurity posture and performance on an ongoing basis through regular network scans, system audits, and assessing intelligence feeds. The results of these assessments are used to improve our security posture through remediation efforts. We have developed an incident management process designed to coordinate the activities to prepare to respond and recover from cybersecurity incidents, which include processes to triage, assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with potentially applicable legal obligations and mitigate any reputational damage. -24- Our business strategy, results of operations, and financial condition have not been materially affected as a result of previously identified cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity-related risks, see Item 1A, Risk Factors in this Annual Report. Governance Oblong s IT team is responsible for assessing and managing cybersecurity risks and has a depth of experience focused on increasing the organization’s resilience to security threats and stays current on new developments through monitoring of the cybersecurity landscape. Oblong s IT environment is monitored for potential security threats and security events are investigated and acted on to minimize potential risk to the environment. Oblong s Audit Committee engages in oversight of Oblong’s cybersecurity risks and receives regular updates from management on technology and security updates and Oblong s assessment of cybersecurity threats and mitigation plans. The Audit Committee oversees the processes over internal controls and financial reporting that includes controls and procedures that are designed to ensure that significant cybersecurity incidents are communicated to both senior management and the Audit Committee. In the event of a material cybersecurity incident affecting our IT systems or data management, the Audit Committee would promptly work to formulate a mitigation plan and review compliance with such plan, as well as to ensure compliance with any external regulatory or disclosure requirements, including any disclosures of material cybersecurity incidents.

Company Information