Asset Entities Inc. - (ASST)
10-K Filing Date: April 02, 2024
39
Risk Management and Strategy
The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We have developed the following processes as part of our strategy for assessing, identifying, and managing material risks from cybersecurity threats.
Managing Material Risks & Integrated Overall Risk Management
We have integrated cybersecurity risk management into our risk management processes. This integration is intended to ensure that cybersecurity considerations are part of our decision-making processes. We continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs.
We have adopted the standard 2FA (two factor authentication) for all our eData access (emails, online storage, etc.). In addition, all our applications and third-party applications have timed, authentication and environmental disposable cookie processes that force every user to reauthenticate their credentials. Our business transactional data includes dumb access controls that are vendor-specific, a set or specified range of costs, faceless entry point, and a unique 4FA (four factor authentication) process, protecting access to our banking and application systems.
Moreover, our commitment to data security extends beyond industry standards through the implementation of advanced access controls. We have developed a sophisticated access control system, referred to as “dumb access controls,” which limits access to only specific vendors within a predefined range of costs. This system operates through a faceless entry point with a unique 4FA process, ensuring that access to sensitive banking or application systems is strictly controlled and virtually nonexistent for unauthorized entities. These comprehensive security measures not only protect our business transactional data but also uphold the integrity and confidentiality of our systems and information assets.
Engaging Third-Parties on Risk Management
Recognizing the complexity and evolving nature of cybersecurity threats, our Chief Experience Officer periodically evaluates and tests our risk management systems. Our Chief Experience Officer has specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices.
Overseeing Third-Party Risk
Because we are aware of the risks associated with third-party service providers, we implement processes to oversee and manage these risks. We conduct thorough security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes regular assessments by our Chief Experience Officer. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties.
Risks from Cybersecurity Threats
We have not encountered cybersecurity challenges that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.
Governance
Board of Directors Oversight
Our board of directors oversees the management of risks associated with cybersecurity threats.
40
Management’s Role Managing Risk
The Company’s Chief Experience Officer is primarily responsible for assessing, monitoring and managing our cybersecurity risks. The Chief Experience Officer must ensure that all industry standard cybersecurity measures are functioning as required to prevent or detect cybersecurity threats and related risks. The Chief Experience Officer provides briefings on cybersecurity threats and related risks to our Chief Executive Officer on a regular basis. Our Chief Experience Officer has ten years of experience in the field of information technology. The Chief Experience Officer oversees and tests our compliance with standards, remediates known risks, and leads our employee training program. The Chief Experience Officer has extensive experience in cybersecurity and possesses the knowledge and skills and background and experience necessary, as described in his biography.
Monitoring Cybersecurity Incidents
The Chief Experience Officer is continually informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. The Chief Experience Officer implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of industry-standard security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the Chief Experience Officer will implement an incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.
Reporting to Board of Directors
Significant cybersecurity matters, and strategic risk management decisions, will be escalated to the board of directors.