VASO Corp - (VASO)

10-K Filing Date: April 01, 2024
ITEM 1C – CYBERSECURITY

 

Our Board is actively engaged in the oversight of the Company’s cybersecurity, information security, data protection, and technology programs (“cybersecurity”). The Audit Committee of the Board serves as the principal agent of the Board in fulfilling its oversight and review of the Company’s policies and procedures with respect to cybersecurity risk assessment and risk management. The Company’s Chief Operating Officer (COO) leads the Company’s cybersecurity risk assessment and risk management program. Our COO, who is also the head of our IT business with over 25 years of experience in the information technology industry, leads the team from our IT business in designing and implementing our cybersecurity program.

 

Our COO and the executive team in our IT business periodically assess industry best practices, frameworks, and standards so that our practice is up to date for the effective prevention, detection, mitigation, and remediation of cybersecurity incidents. Our cybersecurity risk management program includes the deployment of tools and activities designed to monitor, detect, prevent and analyze current and emerging cybersecurity threats, and plans and strategies to address threats and incidents. Program highlights include:

 

Employing a multi-layer strategy of defense designed to ensure the safety, security, and responsible use of information and data.

 

Monitoring of all IT assets, resources, and data 24 hours per day, 7 days per week, 365 days per year by a security operations center (SOC).

 

Performing annual testing of the Company’s incident response plan and cybersecurity posture.

 

Incorporating external expertise to manage the SOC and to perform penetration tests, cyber-attack simulation exercises, and log management to review anomalies indicating a possible breach.

 

Maintaining a business continuity program and cyber insurance.

 

Performing periodic employee simulated phishing campaigns.

 

Conducting annual cybersecurity and insider threat training for all employees.

 

The COO is responsible for informing the Audit Committee and the Board of Directors, the CEO and other members of the senior management team on cybersecurity risks on a regular basis, including evolving cybersecurity threats, cybersecurity incidents, cybersecurity technologies and solutions deployed, major cybersecurity risk areas, and policies and procedures to address those risks and cybersecurity incidents, as well as assessments of our cybersecurity program. The COO also informs the CEO and other members of our senior management team on a more informal basis of all aspects related to cybersecurity risks and incidents. This ensures that the highest levels of management are kept abreast of the cybersecurity posture and potential risks facing us. Any significant cybersecurity matters and strategic risk management decisions related thereto are escalated to the Board of Directors, ensuring that they have comprehensive oversight and can provide guidance on significant cybersecurity issues.

 

In 2023, the Company achieved its primary cybersecurity risk management objective of no material cybersecurity incidents.

 

As of the date of this report, the Company is not aware of any material risks from cybersecurity threats, including those resulting from previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. For more information about the cybersecurity risks we face, see the risk factors entitled “Data security incidents or disruptions in our information technology systems could damage our business” in Item 1A “Risk Factors” of this Form 10-K.