Castellum, Inc. - (CTM)
10-K Filing Date: March 21, 2024
Item 1C. Cybersecurity
Risk management and strategy
The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.
Managing Material Risks & Integrated Overall Risk Management
Castellum strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our IT department continuously evaluates and addresses cybersecurity risks in alignment with our business objectives and operational needs.
Engage Third-parties on Risk Management
23
Recognizing the complexity and evolving nature of cybersecurity threats, the Company engages with a range of external experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing our critical systems. These partnerships enable us to leverage specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. Our collaboration with these third parties includes periodic audits, threat assessments, and consultation on security enhancements.
Oversee Third-party Risk
Because we are aware of the risks associated with third-party service providers, the Company implements stringent processes to oversee and manage these risks. We conduct thorough security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes quarterly assessments by our Vice President of Technology and Deployment (the “VP of Technology”) and on an ongoing basis by our security engineers. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties.
Risks from Cybersecurity Threats
We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing.
Governance
The Board is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence. The Board is briefed on a periodic basis as to the nature of actions taken to mitigate risks from cyberattacks.
Board of Directors Oversight
The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
Management’s Role Managing Risk
The VP of Technology and Deployment and the CEO play a pivotal role in informing the Audit Committee on cybersecurity risks. They provide comprehensive briefings to the Audit Committee on a semi-annual basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:
● | Current cybersecurity landscape and emerging threats; | |||||||
● | Status of ongoing cybersecurity initiatives and strategies; | |||||||
● | Incident reports and learnings from any cybersecurity events; and | |||||||
● | Compliance with regulatory requirements and industry standards. |