MONARCH CASINO & RESORT INC - (MCRI)
10-K Filing Date: February 28, 2024
Cybersecurity Risk Management and Strategy
In today's increasingly interconnected world, cybersecurity is not just a concern, it's a fundamental responsibility. At Monarch Casino & Resort, Inc., we understand that the security of our digital assets is essential to safeguarding our critical infrastructure, ensuring the confidentiality and integrity of sensitive information, maintaining business continuity, and fostering trust with our stakeholders.
We are developing and implementing a robust and comprehensive cybersecurity program that aligns with industry best practices, regulatory requirements, and our Company’s specific risks in the evolving threat landscape. This program is designed to not only address current challenges but also proactively position us to mitigate future risks and maintain a resilient digital posture.
The foundation of our cybersecurity framework is built on continuous risk management practices. We conduct regular threat assessments, administrative reviews, and vulnerability scans to proactively identify and evaluate cybersecurity risks. Our strategy is developed to be in harmony with our business objectives, incorporating industry best practices, staying abreast of evolving cyber threats, and complying with regulatory standards.
Recognizing the critical role of human factors in cybersecurity, we implement comprehensive education and awareness programs for all employees. These programs are designed to promote safe online practices and encourage prompt incident reporting. Additionally, we conduct phishing simulations and other exercises to measure and improve our employees' ability to recognize and respond to cyber threats effectively.
Our incident response and recovery planning is a key component of our cybersecurity efforts. We have developed and documented an incident response plan that outlines specific procedures for identifying, containing, and remediating cyber incidents. Regular testing of this plan ensures its effectiveness, with adjustments made as necessary. Furthermore, we maintain backups of essential data and systems to enable swift recovery from any cyber incidents.
On the technical front, we deploy a variety of safeguards to protect our systems. These include firewalls, intrusion detection and prevention systems, data encryption, and strict access controls. Regular updates and patches are applied to software and firmware to mitigate known vulnerabilities and strengthen our security posture.
Risk assessment is an ongoing process within our organization. We routinely perform assessments to identify, analyze, and prioritize cybersecurity risks. The outcomes of these assessments directly inform our cybersecurity strategy and guide the allocation of resources.
In response to the recent SEC cybersecurity disclosure rule, we have updated our cybersecurity program to incorporate the requirements to disclose, as appropriate or required and if deemed to be material, such a material incident via a Form 8-K within four (4) business days of determining the occurrence of such a cybersecurity incident.
Management’s Role
Our chief information officer and our security architect are responsible for the day-to-day assessment and management of cybersecurity risks and threats through internal assessment tools as well as third-party control tests, for audits and evaluation against industry standards and regulations.
In addition, we have a management Cybersecurity committee, which is composed of our chief executive officer, chief information officer, corporate director of internal audit and executive vice president of finance. The Cybersecurity committee is responsible for setting strategy and ensuring that our cybersecurity program is consistently evaluated and kept up to date with the latest developments in cybersecurity.
Board of Directors Oversight
Our board of directors plays a crucial role in overseeing our cybersecurity program. The board receives regular updates from the Cybersecurity committee on the cybersecurity program's status and effectiveness. The audit committee oversees the cybersecurity program and provides strategic guidance to management, ensuring that our approach to cybersecurity remains robust, proactive, and aligned with our business needs.