Alzamend Neuro, Inc. - (ALZN)
10-K Filing Date: July 30, 2024
Information Security Program
The mission of our information security program is to design, implement, and maintain a comprehensive information security program that protects our systems, services, and data against unauthorized access, disclosure, modification, damage, and loss. Our information security program is comprised of internal and external security and technology professionals who work collaboratively to identify, assess, manage, and mitigate cybersecurity risks and threats across the Company and third-party contractors.
We recognize the importance of effectively managing material risks associated with cybersecurity threats, as defined in Item 106(a) of Regulation S-K. Our risk management program integrates the monitoring and management of these risks and threats and is informed by applicable laws, regulations, industry standards, and best practices. We continue to invest in information security resources to mature, expand, and adapt our capabilities to address emerging cybersecurity risks and threats.
Our information security organization is committed to maintaining a robust and resilient security posture that enables us to protect our assets, maintain our stakeholders' trust, and support our business's overall success.
Cybersecurity Risk Management and Strategy
Our cybersecurity risk management and strategy are integral components of our comprehensive information security program. They guide our continuous efforts to evaluate and improve the confidentiality, integrity, and availability of our critical systems, data, and operations.
We have adopted an Information Security Policy (the “Info-Sec Policy”) and an Incident Response Plan (the “Response Plan”) that establish administrative, physical, and technical controls and procedures to protect sensitive data throughout the Company. These policies also outline processes to assess, identify, manage, and report cybersecurity risks and incidents. The Info-Sec Policy applies to all persons working for the Company and any third parties working with us in any capacity.
Our approach to controls and risk management is informed by applicable laws and regulations, as well as industry standards and best practices. These serve as a guide to help us identify, assess, and manage cybersecurity controls and risks relevant to our business.
Our cybersecurity risk management program includes:
1. Identifying cybersecurity risks that could impact our facilities, third-party vendors/partners, operations, critical systems, information, and broader enterprise information technology environment. Risks are informed by threat intelligence, current and historical adversarial activity, and industry-specific threats;
2. Performing cybersecurity risk assessments to evaluate our readiness if the risks were to materialize;
3. Ensuring risk is addressed and tracking any necessary remediation through an action plan;
4. Analyzing all third-party vendors for compliance with our internal Info-Sec Policy to assess potential risks associated with their security controls. We generally require third parties to maintain security controls, notify us promptly of any data breach or cybersecurity incident that may impact our data, and provide written assurance of corrective actions; and
5. Engaging and utilizing a comprehensive suite of security solutions, including enterprise mobility management, endpoint protection, secure file transfer, and security information and event management to monitor and actively respond to cybersecurity threats. These solutions work together to secure our endpoints, protect against malware, ensure the safe transfer of files, and provide our cybersecurity team with the functionality to build alerts on specific use cases that are important and unique to our business.
Cybersecurity Governance
Our Board oversees cybersecurity risk as part of its overall risk oversight function. We utilize resources from AULT to act as our information technology department (the “IT Department”), which functions as our Information Security Advisory Team. The IT Department is responsible for managing our information security program and implementing cybersecurity risk management practices.
The IT Department collaborates with various stakeholders across the organization to identify, assess, and mitigate cybersecurity risks. They regularly monitor and adapt our information security program to address the evolving threat landscape.
In the event of a cybersecurity incident, the IT Department promptly reports the matter to the Chief Financial Officer. The Chief Financial Officer is responsible for assessing the severity and potential impact of the incident and determining the appropriate course of action. The Chief Financial Officer keeps the Board informed of significant cybersecurity incidents and provides updates on the overall status of our cybersecurity program as needed.
This governance structure ensures that cybersecurity risks are effectively managed by the IT Department, with oversight from the Chief Financial Officer and the Board. It maintains clear lines of communication and accountability, enabling timely decision-making and response to cybersecurity matters.
During fiscal 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our efforts, we may not successfully eliminate all risks from cybersecurity threats and can provide no assurance that undetected cybersecurity incidents have not occurred.