GSE SYSTEMS INC 10-K Cybersecurity GRC - 2024-04-02

Page last updated on April 11, 2024

GSE SYSTEMS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-02 06:31:19 EDT.

Filings

10-K filed on 2024-04-02

GSE SYSTEMS INC filed an 10-K at 2024-04-02 06:31:19 EDT
Accession Number: 0001140361-24-017131

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY . We acknowledge the increasing importance of cybersecurity in our operations and having processes in place to manage risks and threats associated with potential unauthorized occurrences on our information systems that could adversely affect the confidentiality, integrity, or availability of our information systems and data. We continuously invest in and enhance our cybersecurity infrastructure to mitigate risks and protect against unauthorized access, data breaches, and other cyber incidents that could disrupt our business or compromise sensitive information. We have implemented various cybersecurity measures to safeguard our information technology infrastructure and data assets: Governance and Oversight: The Audit Committee of the Board of Directors oversees risks from cybersecurity threats as part of its broader risk oversight responsibilities. The board recognizes the importance of cybersecurity in safeguarding the company s assets and operations. GSE s Risk Management Plan includes an assessment of, and mitigation plans related to, the operational risk of business disruption due to factors including cybersecurity breaches and related events. Risk Assessment and Management: Under the supervision of our chief technology officer, we conduct assessments of our IT systems and networks to identify potential vulnerabilities and threats to our systems and assets. Based on these assessments, we prioritize and allocate resources to mitigate cyber risks and reduce exposure. Security Controls and Technologies: Under the supervision of our chief technology officer, we employ a multi-layered approach to cybersecurity, deploying a suite of technologies to protect our endpoints, applications, data, and network. We in corporate various security controls and technologies such as firewalls, encryption mechanisms, next-generation anti-virus, multi-factor authentication and access controls. Furthermore, we invest in threat detection and prevention solutions to proactively identify and mitigate continuously changing cyber threats. Employee Training and Awareness: We recognize the critical role of employees in maintaining cybersecurity resilience. Accordingly, we provide cybersecurity training and awareness programs to educate employees about security best practices, phishing awareness, and the importance of safeguarding sensitive information. Incident Response and Business Continuity: In the event of a cybersecurity incident, we have established incident response protocols to facilitate timely detection, containment, and remediation. Additionally, we maintain business continuity and disaster recovery plans to minimize the impact of cyber incidents on our operations and stakeholders. Continuous Monitoring and Improvement: We continuously monitor and assess our cybersecurity posture to adapt to evolving threats and technologies. We conduct periodic reviews and assessments of our cybersecurity posture to identify gaps and implement enhancements to strengthen our defenses. Our commitment to cybersecurity is integral to our overall risk management strategy and reflects our dedication to protecting the confidentiality, integrity, and availability of our IT systems and data assets. We remain vigilant in addressing cybersecurity threats and adapting to emerging challenges to minimize the likelihood and impact of cyber threats and to safeguard our business operations and stakeholders interests. 26 Table of Contents

Company Information