Page last updated on April 17, 2025
Cycurion, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-17 07:40:58 EDT.
Filings
10-K filed on 2025-04-17
Cycurion, Inc. filed a 10-K at 2025-04-17 07:40:58 EDT
Accession Number: 0001641172-25-005155
Item 1C. Cybersecurity.
Risk Management and Strategy
We have established policies and processes for assessing, identifying, and managing material risks from cybersecurity threats. We have designed and implemented an Access Control Policy. The policy and supporting procedures encompass all information systems that are owned, operated, maintained, and controlled by the Company and all other information systems, both internally and externally, that interact with these systems. Our cybersecurity program and policies are a collaborative effort, requiring commitment from all personnel, including management, internal employees and users of information systems, along with vendors, contractors, and other relevant third parties.
Our Chief Information Security Officer (“CISO”) and Information System Security Officer (“ISSO”) are responsible for providing overall direction, guidance, leadership, and support for the entire information systems environment, while also assisting other applicable personnel in their day-to-day operations. The CISO and ISSO are to report to other members of senior management on a regular basis regarding all aspects of the organization’s information systems posture.
Our internal employees and users are responsible for adhering to the organization’s information security policies, procedures, practices, and not undertaking any measure to alter such standards on any information systems. Additionally, end users are to report instances of non-compliance to senior authorities, specifically those by other users. End users - while undertaking day-to-day operations - may also notice issues that could impede the safety and security of our information systems and are to also report such instances immediately to senior authorities.
Our vendors, contractors and other third-party entities are responsible for adhering to the organization’s information security policies, procedures, practices, and not undertaking any measure to alter such standards on any such system components.
We have also implemented an IT Security Incident Response Policy. Incident response preparation comprises how to respond to incidents and how to protect against and detect computer-related incidents. The process of providing incident response is identified by four distinct phases: (i) preparation; (ii) detection and analysis; (iii) containment, eradication and recovery; and (iv) post-incident activity.
Our CISO and ISSO are responsible for developing, implementing, coordinating, and maintaining IT security policy and procedures. These individuals also fill the role of Computer Incident Response Team (CIRT) Leaders. They are responsible for the operations of the system and its applications, including reporting, responding to security incidents, and ensuring that adequate event logging is enabled. Our ISSO is responsible for the security of the system and for ensuring incident response (IR) policy and plan are documented, followed, that the IR plan is tested annually, updated with lessons learned from training exercises and on-going incident handling activities, and periodically reviewed at least on an annual basis. This person also fills the role of Deputy CIRT Leader. Our CISO is responsible for information security within the organization and is responsible for the review and approval of the incident response policy and plan.
General end-users and non-CIRT personnel are responsible for actively securing their systems and notifying the CIRT of any suspected information security incident (e.g., potential virus detection, phishing emails, potential malware infection, etc.).
Governance
Management considers cybersecurity risk as part of its overall risk oversight function and reviews policies and procedures relative to both the systems and facility to ensure all requirements are within the Company’s purview to meet, and that appropriate resources have been dedicated or otherwise made available to accomplish, these requirements.
Our management team, including our CISO and ISSO, are responsible for day-to-day implementation, assessment, and management of our cybersecurity risk assessment and management processes. The CISO and ISO have primary responsibility for our overall cybersecurity risk management program, including monitoring the prevention, detection, mitigation, and remediation of cybersecurity incidents, and work in partnership with our other business leaders. Our CISO and ISO supervise both our internal cybersecurity personnel and any retained external cybersecurity consultants. Our CISO and ISSO have served in various roles in information technology and information security for over 25 years each.
The Board of Directors receives presentations and reports on cybersecurity, which address a range of topics including recent developments, evolving standards, the threat environment, cybersecurity systems testing and vulnerability assessments, and the Company’s practices and policies to manage risks. The CISO and ISSO report to the Board of Directors on cybersecurity matters and material risks, if any, from cybersecurity threats. The Board of Directors also receives notice of any significant cybersecurity incidents, as well as ongoing updates regarding any such incident until it has been addressed.
As of the date of this Annual Report, we are not aware of any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected the Company, its business strategy, results of operations or financial condition.
As cybersecurity threats become more sophisticated, it is reasonably likely that we will be required to expend greater resources to continue to modify and enhance our protective measures.
Company Information
Name | Cycurion, Inc. |
CIK | 0001868419 |
SIC Description | Services-Computer Programming Services |
Ticker | CYCU - Nasdaq, CYCUW - Nasdaq |
Website | |
Category | Emerging growth company |
Fiscal Year End | December 30 |