Webstar Technology Group Inc. - (WBSR)

10-K Filing Date: March 29, 2024
ITEM 1C. CYBERSECURITY

 

Cybersecurity Risk Management and Strategy

 

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.

 

We design and assess our program based on the National Institute of Standards and Technology Cybersecurity Framework Special Publication 800-53, 800-61, rev 2 (“NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements. We use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

 

We have implemented a number of security measures designed to protect its systems and data, including firewalls, antivirus and malware detection tools, patches, log monitors, routine back-ups, system audits, system hardening, penetration testing and privileged access session management. In addition, we have continued its efforts to migrate its platforms to cloud-based computing, which is designed to further strengthen its security posture.

 

Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

 

19

 

 

Our cybersecurity risk management program includes the following:

 

 

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;

 

 

a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;

 

 

the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls;

 

  cybersecurity awareness training of our employees, incident response personnel, and senior management; and

 

  a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents.

 

There can be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our systems and information.

 

Cybersecurity Governance

 

Our Board considers cybersecurity risks as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks.

 

Our Board oversees management’s implementation of our cybersecurity risk management program and receives updates on the cybersecurity risk management program from management at least annually. In addition, management updates the Board regarding any material or significant cybersecurity incidents, as well as incidents with lesser impact potential as necessary.

 

Ongoing Risks

 

We have not experienced any material cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition.