WYTEC INTERNATIONAL INC 10-K Cybersecurity GRC - 2024-03-29

Page last updated on July 2, 2024

WYTEC INTERNATIONAL INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 13:42:30 EDT.


10-K filed on 2024-03-29

WYTEC INTERNATIONAL INC filed an 10-K at 2024-03-29 13:42:30 EDT
Accession Number: 0001683168-24-001864

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C Cybersecurity. Risk Management and Strategy In the ordinary course of our day-to-day business, we receive, process, use, store, and share digitally data, including user data as well as confidential, sensitive, proprietary, and personal information. Maintaining the integrity and availability of our information technology systems and this information, as well as appropriate limitations on access and confidentiality of such information, is important to our operations and business strategy. To this end, we have implemented a Security Incident Response Plan (“SIRP”) designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing in them. Our SIRP is managed and monitored by a dedicated security/information systems team and includes mechanisms, controls, technologies, systems, policies, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the systems and data residing in them. Our SIRP is as follows: 1. Preparation -perform a risk assessment and identify sensitive assets. Our team includes an outside security/information systems team that provides managed services on a regular basis. 2. Identification -monitor information technology systems and detect deviations from normal operations and see if they represent actual security incidents. When an incident is discovered, collect additional evidence, establish its type and severity, and document the incident. 3. Containment -perform short-term containment, for example by isolating the network segment that is under attack; then focus on long-term containment, which involves temporary fixes to allow systems to be used in production, while rebuilding clean systems. 4. Eradication -remove malware from all affected systems, identify the root cause of the attack, and take action to prevent similar attacks in the future. 5. Recovery -bring affected production systems back online carefully, to prevent additional attacks. Test, verify, and monitor affected systems to ensure they are back to normal activity. 6. Lessons learned -no later than two weeks from the end of the incident, perform a retrospective of the incident. Prepare complete documentation of the incident, investigate the incident further, understand what was done to contain it, and determine whether anything in the incident response process could be improved. 14 Governance The audit committee of our board of directors (the “Audit Committee”) is responsible for overseeing cybersecurity risk and periodically updates our board of directors on such matters. The Audit Committee receives periodic updates from management regarding cybersecurity matters, and is notified between such updates regarding any significant new cybersecurity threats or incidents. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations, or financial condition.

Company Information

SIC DescriptionTelegraph & Other Message Communications
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndDecember 30