Mawson Infrastructure Group Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

Mawson Infrastructure Group Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 21:00:26 EDT.

Filings

10-K filed on 2024-03-29

Mawson Infrastructure Group Inc. filed an 10-K at 2024-03-29 21:00:26 EDT
Accession Number: 0001213900-24-028158

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. We recognize the importance of assessing, identifying, and managing risks associated with cybersecurity threats. Accordingly, we address these risks by implementing and maintaining processes, and technologies designed to prevent, detect, and mitigate incidents that could pose cybersecurity risk. We are equally subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft fraud extortion harm to employees or customers interruption of business activities and activities of our customers, violation of privacy laws and other litigation and legal risk and reputational risk. In adopting our risk assessment and management program, we are committed to safeguarding our systems and data. We have implemented a risk-based approach, guided by Federal Information Processing Standards Publication 199, to identify, classify, and appropriately assess the range of cybersecurity threats that could affect our business and information systems. We also rely on information technology and third-party vendors to support our operations, including our secure processing of personal, confidential, sensitive, proprietary, and other types of information. Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Additionally, we monitor emerging laws, industry standards, and regulations related to information security and data protection. Although we have not experienced any cybersecurity incidents or threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition to date, and though we are actively monitoring our networks and access points by implementing security updates regularly, we cannot provide any assurance that there will not be incidents or threats in the future that may materially affect us, including our business strategy, results of operations, or financial condition. Pursuant to our risk management policy, responsibility for the implementation of our risk management policy resides with the Chief Financial Officer. The Audit Committee receives an update on the Company s risk management process, risk trends and any incidents at least annually from the management team. In the event of any incident, the Company expects to notify the Audit Committee immediately, or as soon as possible. Our cybersecurity policies, standards, processes, and practices are regularly assessed. These assessments incorporate various activities including information security assessments and independent reviews of our information security control environment and operating effectiveness. We utilize managed detection and response systems, endpoint protection, content filtering aimed at blocking malware and software to eliminate phishing, ransomware, and fraud. We also utilize multi-factor authentication on all sensitive applications and information entry-points, review access to data regularly, and have failover-protected business disaster recovery and backup storage systems. The Company conducts cybersecurity training and testing programs regularly. 25

Company Information