DecisionPoint Systems, Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

DecisionPoint Systems, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 08:00:52 EDT.

Filings

10-K filed on 2024-04-01

DecisionPoint Systems, Inc. filed an 10-K at 2024-04-01 08:00:52 EDT
Accession Number: 0001213900-24-028228

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We take a comprehensive approach to managing cybersecurity risk, starting with the integration of cybersecurity risk into our overall enterprise risk management framework, among other significant risks to the Company. Board Oversight Our Board of Directors holds the ultimate responsibility for overseeing risks to the Company. To support this governance, a Steering Committee, composed of members of management, including our Director of IT and certain members of the Board, assists with the specific focus on cybersecurity risks. Management provides the Board with comprehensive cybersecurity updates at least annually. The Steering Committee thoroughly monitors the quality and effectiveness of the Company s cybersecurity program. This encompasses the security of our internal information technology systems, products, and solutions, as well as our cyber incident response plan and resources. To stay informed, the Steering Committee receives regular updates from management on cybersecurity initiatives. These updates cover prevention, detection, mitigation, and remediation of cyber threats, along with the overall health of the Company s cybersecurity program, results of third-party assessments, and the latest cyber threat trends. Additionally, the Steering Committee reviews the Company s cybersecurity policies and methodologies to ensure continual service improvements. This demonstrates a company commitment to not only maintaining the existing cybersecurity framework but also proactively identifying and implementing enhancements. Management s Role and Experience Our Director of IT, along with other members of management are responsible for day-to-day cyber risk management activities, including proactively identifying, assessing, prioritizing, managing and mitigating enterprise cybersecurity risks. This e ncompasses several key functions: Risk Identification and Assessment: Management must work to continuously identify potential cyber threats and vulnerabilities across the organization s systems, networks, and data. Regular assessments analyze the likelihood and potential impact of these threats. Prioritization and Response: Based on assessments, management must prioritize risk mitigation efforts, allocating resources effectively. This includes developing strategies to counter or reduce high-priority risks and implementing appropriate security controls. Oversight and Implementation: Management oversees the implementation and enforcement of cybersecurity policies, procedures, and technical safeguards. This requires clear communication to employees and ongoing monitoring of compliance. Incident Response Planning: Having a comprehensive and well-rehearsed incident response plan is crucial to minimize damage during a breach. Management plays a vital role in developing this plan, training personnel, and guiding the response when needed. 17 Employee Education and Awareness: Management establishes a cybersecurity-aware culture within the organization. This is done through regular training, awareness campaigns, and promoting a sense of shared responsibility for security. Vendor Management: Third-party vendors can introduce risks. Management must ensure vendors adhere to the Company s cybersecurity standards and assess their security practices throughout the partnership. Our Director of IT is the senior-most security professional responsible for the implementation of the Company s cybersecurity, product security, and corporate/physical security programs, and reports to the Senior Vice President of Managed Services. He has over 20 years of cybersecurity experience. Cybersecurity Risk Management The underlying controls of our cyber risk management program are based on recognized best practices and standards for cyber security and information technology, including the National Institute of Standards and Technology Cybersecurity Framework. Our approach to cybersecurity risk management includes the following key elements: Endpoint Protection: Antivirus and Endpoint Detection and Response (EDR) solutions are deployed on all company computer assets, combined with Remote Endpoint Management for centralized monitoring and control. Network Defense: Next-Generation Firewalls with Unified Threat Management provide perimeter security, while Microsoft 365 protection and Microsoft Defender enhance cloud-based safeguards especially email. Centralized Monitoring: We leverage Security Information and Event Management (SIEM) solutions like Microsoft Sentinel for real-time threat detection and response. Identity and Access Management: We have strict password policies which include multi-factor authentication. Education and Awareness: Mandatory Security Awareness Training educates our workforce on best practices and evolving cyber threats performed annually. Third-Party Risk Management (TPRM): Our TPRM function focuses on regular external vulnerability and security assessments by a network of expert partners provide an objective evaluation of our security posture. There have been no material cybersecurity threats and incidents incurred to-date at the Company. However, there can be no guarantee that our policies and procedures will be followed in every instance or that those policies and procedures will be effective. Cybersecurity threats could materially affect our business strategy, results of operations, or financial condition, as further discussed in the risk factors in Part I, Item 1A of this report.

Company Information