Cybersecurity Risk Management Processes Overview

This document is a technical report detailing the company's cybersecurity risk management processes. It outlines the implementation of procedures for assessing, identifying, and managing material risks from cybersecurity threats as part of the overall risk management program. The report describes the use of the National Institute of Standards and Technology Cybersecurity Framework and other recognized standards to inform the cybersecurity program. A layered defense model is employed, incorporating various technologies and practices such as intrusion detection systems, multi-factor authentication, and endpoint protection tools. The document also explains the processes for overseeing cybersecurity risks associated with third-party service providers, including security assessments and due diligence reviews. Additionally, it details the maintenance of an incident response plan that establishes procedures for reporting and handling cybersecurity events, along with the governance structure involving the Board of Directors and the Audit Committee's oversight responsibilities. Regular assessments and training for employees are also included in the cybersecurity strategy.