Notable Labs, Ltd. 10-K Cybersecurity GRC - 2024-04-11

Page last updated on April 11, 2024

Notable Labs, Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-11 17:00:40 EDT.

Filings

10-K filed on 2024-04-11

Notable Labs, Ltd. filed an 10-K at 2024-04-11 17:00:40 EDT
Accession Number: 0001493152-24-014342

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Governance Board and Audit Committee Oversight Our Board of Directors has delegated to the Audit Committee the oversight responsibility to review and discuss with management the Company s privacy and data security, including cybersecurity, risk exposures, policies and practices, and the steps management has taken to detect, monitor and control such risks and the potential impact of those exposures on our business, financial results, operations and reputation. The Audit Committee receives reports and presentations on privacy and data security, which address relevant cybersecurity issues and risks and span a wide range of topics. These reports and presentations are provided by Director of Information Technology. In addition to reports to the Audit Committee, we have protocols by which certain security incidents are escalated within the Company and, where appropriate, reported in a timely manner to the Audit Committee. Director of Information Technology The Director of Information ( DIT ) is charged with management-level responsibility for all aspects of network and information security within the Company. The DIT is responsible for: establishing the policies, standards and requirements for the security of Notable s computing and network environments protecting Notable owned and managed assets and resources against unauthorized access by monitoring potential security threats, correlating network events, and overseeing the execution of corrective actions promoting compliance with Notable s security policies and network and information security program in a consistent manner on network systems and applications and providing security thought leadership in the security arena. Our DIT plays the key management role in assessing and managing our material risks from cybersecurity threats. The DIT has extensive technical leadership experience and cybersecurity expertise, gained from approximately 20 years of experience, including serving in senior roles in both private and public companies as Cloud system architect and network engineer specializing in technical design and implementation of data and cloud security for a Fortune 500 company. Risk Management and Strategy We maintain a network and information security program that is reasonably designed to protect our information, and that of our customers, from unauthorized risks to their confidentiality, integrity, or availability. Our program encompasses policies, platforms, procedures, and processes for assessing, identifying, and managing risks from cybersecurity threats, including third-party risk from vendors and suppliers and the program is generally designed to identify and respond to security incidents and threats in a timely manner to minimize the loss or compromise of information assets and to facilitate incident resolution. We maintain continuous and near-real-time security monitoring of the Notable network for investigation, action and response to network security events. This security monitoring leverages tools, where available, such as near-real-time data correlation, situational awareness reporting, active incident investigation, case management, trend analysis and predictive security alerting. We assess, identify, and manage risks from cybersecurity threats through various mechanisms, which from time to time may include tabletop exercises to test our preparedness and incident response process, business unit assessments, control gap analyses, threat modeling, impact analyses, internal audits, external audits, penetration tests and engaging third parties to conduct analyses of our information security program. We conduct vulnerability testing and assess identified vulnerabilities for severity, the potential impact to Notable and our customers, and likelihood of occurrence. We regularly evaluate security controls to maintain their functionality in accordance with security policy. We also obtain cybersecurity threat intelligence from recognized forums, third parties, and other sources as part of our risk assessment process. In addition, as a critical infrastructure entity, we collaborate with numerous agencies help protect networks and critical infrastructure, which, in turn, informs our cybersecurity threat intelligence. 75 With respect to incident response, the Company has adopted a Cybersecurity Incident Response Plan, as well as a Data Privacy Incident Response Plan that applies if customer information has been compromised (together, the DIRPs ), to provide a common framework for responding to security incidents. This framework establishes procedures for identifying, validating, categorizing, documenting and responding to security events that are identified by or reported to the DIT. The DIRPs apply to all Notable personnel (including contractors and partners) that perform functions or services that require securing Notable information and computing assets, and to all devices and network services that are owned or managed by the Company. The DIRPs set out a coordinated, multi-functional approach for investigating, containing, and mitigating incidents, including reporting findings to senior management and other key stakeholders and keeping them informed and involved as appropriate. In general, our incident response process follows the NIST (National Institute of Standards and Technology) framework and focuses on four phases: preparation detection and analysis containment, eradication and recovery and post-incident remediation. Impact of Cybersecurity Risk In 2023, we did not identify and were not aware of any cybersecurity breaches that we believe have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition.

Company Information