|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
May 03, 2025
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management and Strategic Approach
The company’s information security program is meticulously crafted, integrating administrative, technical, and physical safeguards. Embracing a risk-based approach, we proactively mitigate cybersecurity risks to ensure the confidentiality, integrity, and availability of our information systems and data assets. This comprehensive framework extends to overseeing service-provider relationships, aligning with the specific risks associated with each engagement.
Deploying a multi-tiered defense strategy, we fortify our defenses with layers of controls designed to identify, protect against, detect, respond to, and recover from cybersecurity incidents. Central to this effort is our Cyber Security Team, entrusted with the critical task of swiftly detecting, mitigating, and remediating cybersecurity threats. Guided by our documented incident response plans, we orchestrate a swift and decisive response, engaging functional areas, internal escalations, and stakeholders as dictated by the nature and severity of the incident.
Key to our cybersecurity resilience, we strategically leverage third-party expertise and tools to augment our defenses, ensuring a proactive stance against evolving threats. Rigorous assessments by third-party auditors validate the alignment of specific components of our technology environment with industry standards such as the Payment Card Industry Data Security Standards, ensuring robust compliance and resilience.
Industry standards such as the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity inform our program and are the basis of our compliance commitment. Regular maturity assessments, conducted by external experts, ensure that our cybersecurity program remains at the forefront of industry best practices, tailored to our unique operational landscape.
Although cybersecurity threats are an inherent part of the digital landscape, we stand resilient. While past incidents have been swiftly addressed without material impact on our operations or financial standing, we remain vigilant. Our Enterprise Risk Management program recognizes the ongoing nature of cybersecurity risks and our commitment to mitigating potential impacts on our operations, business strategy, and financial health.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The company’s information security program is meticulously crafted, integrating administrative, technical, and physical safeguards. Embracing a risk-based approach, we proactively mitigate cybersecurity risks to ensure the confidentiality, integrity, and availability of our information systems and data assets. This comprehensive framework extends to overseeing service-provider relationships, aligning with the specific risks associated with each engagement.
Deploying a multi-tiered defense strategy, we fortify our defenses with layers of controls designed to identify, protect against, detect, respond to, and recover from cybersecurity incidents. Central to this effort is our Cyber Security Team, entrusted with the critical task of swiftly detecting, mitigating, and remediating cybersecurity threats. Guided by our documented incident response plans, we orchestrate a swift and decisive response, engaging functional areas, internal escalations, and stakeholders as dictated by the nature and severity of the incident.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board of Directors, Audit Committee and Legal team oversee the cybersecurity processes of identifying and mitigating cybersecurity risks. Reporting directly to our Chief Information Officer, our Chief Information Security Officer (“CISO”) leads the charge, ensuring that our cybersecurity posture remains robust and adaptive. Through quarterly updates to the Audit Committee and periodic briefings to the Board of Directors, senior management keeps governance structures informed and aligned with our evolving cybersecurity landscape.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board of Directors, Audit Committee and Legal team oversee the cybersecurity processes of identifying and mitigating cybersecurity risks. Reporting directly to our Chief Information Officer, our Chief Information Security Officer (“CISO”) leads the charge, ensuring that our cybersecurity posture remains robust and adaptive.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Through quarterly updates to the Audit Committee and periodic briefings to the Board of Directors, senior management keeps governance structures informed and aligned with our evolving cybersecurity landscape.
|Cybersecurity Risk Role of Management [Text Block]
|
With over a decade of dedicated service to BNED, our current CISO brings a wealth of experience and expertise to the organization, including over three decades of Information Technology (“IT”) experience. The last two decades have focused on IT security and innovative ways to manage and lead a security team. Previously, the CISO was the Director of IT Security and Infrastructure at The Children’s Place Inc. The CISO is experienced in deploying a Zero Trust framework, Identity and Access Management programs, Email and Web Gateways, managing IT compliance for SOX, PCI, and ADA, and has developed and introduced new information security and computer risk management programs based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework across numerous platforms for multiple retail chains.
Supported by a dynamic leadership team comprised of seasoned professionals, our cybersecurity initiatives are not just policies; they are a testament to our commitment to securing customer information and upholding our privacy promises. Embedded in our Code of Conduct & Ethics and reinforced through our security awareness training program, cybersecurity awareness is not just a task; it is a shared responsibility, woven into the fabric of our corporate culture.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Board of Directors, Audit Committee and Legal team oversee the cybersecurity processes of identifying and mitigating cybersecurity risks. Reporting directly to our Chief Information Officer, our Chief Information Security Officer (“CISO”) leads the charge, ensuring that our cybersecurity posture remains robust and adaptive.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
With over a decade of dedicated service to BNED, our current CISO brings a wealth of experience and expertise to the organization, including over three decades of Information Technology (“IT”) experience. The last two decades have focused on IT security and innovative ways to manage and lead a security team. Previously, the CISO was the Director of IT Security and Infrastructure at The Children’s Place Inc. The CISO is experienced in deploying a Zero Trust framework, Identity and Access Management programs, Email and Web Gateways, managing IT compliance for SOX, PCI, and ADA, and has developed and introduced new information security and computer risk management programs based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework across numerous platforms for multiple retail chains.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our Board of Directors, Audit Committee and Legal team oversee the cybersecurity processes of identifying and mitigating cybersecurity risks. Reporting directly to our Chief Information Officer, our Chief Information Security Officer (“CISO”) leads the charge, ensuring that our cybersecurity posture remains robust and adaptive. Through quarterly updates to the Audit Committee and periodic briefings to the Board of Directors, senior management keeps governance structures informed and aligned with our evolving cybersecurity landscape.
With over a decade of dedicated service to BNED, our current CISO brings a wealth of experience and expertise to the organization, including over three decades of Information Technology (“IT”) experience. The last two decades have focused on IT security and innovative ways to manage and lead a security team. Previously, the CISO was the Director of IT Security and Infrastructure at The Children’s Place Inc. The CISO is experienced in deploying a Zero Trust framework, Identity and Access Management programs, Email and Web Gateways, managing IT compliance for SOX, PCI, and ADA, and has developed and introduced new information security and computer risk management programs based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework across numerous platforms for multiple retail chains.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef