Massimo Group - (MAMO)
10-K Filing Date: April 15, 2024
Our cybersecurity risk management program is designed to align with industry-standard cybersecurity frameworks and includes processes related to each of the following functions: identification, protection, detection, response, and recovery. Examples of relevant processes include steps for: assessing the severity of a cybersecurity threat; identifying the source of a cybersecurity threat, including whether the cybersecurity threat is associated with a third-party service provider; implementing cybersecurity countermeasures and mitigation strategies; and remediating and escalating cybersecurity incidents using cross-functional expertise. Our cybersecurity risk management program also includes risk-based processes related to overseeing and identifying cybersecurity risks associated with the use of third-party providers, including processes related to: conducting cybersecurity assessments of third-party service providers, including cybersecurity obligations in contracts with third-party service providers; and receiving and responding to notification of cybersecurity incidents of third-party service providers. Our cybersecurity team engages third-party security experts to assist with our processes for assessing, identifying, and managing risks from cybersecurity threats, including, for example, assessment of the maturity of our cybersecurity risk management program, penetration testing, employee awareness testing, phish testing, and incident monitoring and response, including conducting tabletop exercises.
Our cybersecurity risk management program is under the direction of our IT manager, who has a master's degree in IT management. The IT manager receives reports from our cybersecurity team on the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our Executive Cybersecurity Council meets as appropriate and receives updates from the IT manager regarding our cybersecurity risks and risk management program; cybersecurity incidents and our response to them; and, as appropriate, developments in the external cybersecurity landscape, including learnings from external cybersecurity incidents.
Our full Board of Directors provides oversight of our cybersecurity risk management program and will receive updates on the program from the IT manager on a quarterly basis, or more frequently as appropriate. Those updates will include information regarding our cybersecurity risks and risk management program; cybersecurity incidents and our response to them; and, as appropriate, developments in the external cybersecurity landscape, including any learnings from external cybersecurity incidents.
In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see “Risk Factors – Risks Relation to our Business, Strategy, and Industry” in this Report.