Prairie Operating Co. - (PROP)

10-K Filing Date: March 18, 2024
Item 1C. Cybersecurity

 

Description of Processes for Assessing, Identifying, and Managing Cybersecurity Risks

 

In the normal course of business, we may collect and store certain sensitive Company information, including proprietary and confidential business information, trade secrets, intellectual property, sensitive third-party information and employee information. We seek to assess, identify and manage cybersecurity risks through the processes described below:

 

  Risk Assessment:
     
    A system designed to protect and monitor data and cybersecurity risk has been implemented. Regular assessments of our cybersecurity safeguards and those of certain of our third-party service providers are conducted by independent firms. Our internal management team conducts regular evaluations designed to assess, identify and manage material cybersecurity risks, and we endeavor to update cybersecurity infrastructure, procedures, policies, and education programs in response.
     
  Incident Identification and Response:
     
    Monitoring and detection processes and procedures have been implemented to help identify cybersecurity incidents. In the event of an incident, we intend to follow protocols associated with incident detection, mitigation, recovery and notification, including notifying senior leadership and the Board, as appropriate.
     
  Cybersecurity Training and Awareness:
     
    Cybersecurity awareness training has been implemented for all employees whereby training is conducted at least on an annual basis.
     
  Access Controls:
     
    Users are provided with access consistent with the principle of least privilege, which requires that users be given no more access than necessary to complete their job functions.
     
  Encryption and Data Protection:
     
    Encryption methods are used to protect sensitive data.

 

We engage third-party service providers as part of our cybersecurity program. For example, we have engaged an independent cybersecurity advisor to review, assess, and make recommendations regarding our information security program and information technology strategic plan. We recognize that third-party service providers introduce cybersecurity risks. In an effort to mitigate these risks, we assess third-party cybersecurity controls through the review of systems and organizational controls audit reports performed by independent auditors of certain of our information system related third-party service providers.

 

The above cybersecurity risk management processes are integrated into the Company’s overall enterprise risk management program. Cybersecurity risks are understood to be significant business risks.

 

Impact of Risks from Cybersecurity Threats

 

As of the date of this Annual Report, though the Company and our service providers have experienced certain cybersecurity incidents, we are not aware of any previous cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company. However, we acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. Despite the implementation of our cybersecurity processes, our security measures cannot guarantee that a significant cyberattack will not occur. A successful attack on our information technology systems could have significant consequences to the business. While we devote resources to our security measures to protect our systems and information, these measures cannot provide absolute security. No security measure is infallible. See “Risk Factors - Terrorist attacks, cyberattacks and threats could have a material adverse effect on our business, financial condition and results of operations.” for additional information about the risks to our business associated with a breach or compromise to our information technology systems.

 

Board of Directors’ Oversight and Management’s Role

 

Our Board is ultimately responsible for overseeing cybersecurity, information security, and information technology risks, as well as management’s actions to identify, assess, mitigate, and remediate those risks. As part of its program of regular risk oversight, the Audit Committee assists the Board in exercising oversight of the Company’s cybersecurity, information security, and information technology risks. On an annual basis, the Audit Committee reviews and discusses with management the Company’s policies, procedures and practices with respect to cybersecurity, information security and information and operational technology, including related risks. In addition, our Chief Financial Officer regularly briefs senior management, the Board of Directors and the Audit Committee on cybersecurity issues as part of our overall enterprise risk management program, which may include information regarding our exposure to privacy and cybersecurity risks deemed to have a moderate or higher business impact, even if immaterial to us.

 

The Company has an internal management team that focuses on current and emerging cybersecurity matters. The Company’s internal management team is led by the Chief Financial Officer. The internal management team is responsible for implementing cybersecurity policies, programs, procedures, and strategies. Our internal management team includes professionals with backgrounds in information security, risk management, and incident response. Our Chief Financial Officer has experience leading the information technology departments at another publicly traded, upstream energy company for over four years and led enterprise risk management processes at publicly traded, upstream energy companies for approximately 10 years.