NAVEX Global's Customers Protected from "Shellshock" Vulnerability


The “Shellshock” cybersecurity vulnerability has received a great deal of media attention in the past few days. Safeguarding the ethics and compliance data we process for customers is one of our top priorities. We would like to share the measures we have taken to protect our clients and partners from this risk.

Background

“Shellshock” refers to a collection of security vulnerabilities, including those known formally as CVE-2014-6277, CVE-2014-6278, CVE-2014-6721, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187 (and others are appearing), which are present in the popular Unix and Linux shell “bash.” Specially crafted commands sent to an exposed, unpatched server could allow code to be executed on that server. However, we have a number of policies and procedures in place to mitigate these types of ongoing risks.

Review & Mitigation

Upon learning about the vulnerability, we immediately screened each of our customer-facing servers to determine the impact. Our EthicsPoint Case Management, Third Party Risk Management, PolicyTech Policy Management and NAVEX Global Learning Management System (LMS) do not use bash, and are therefore unaffected. IntegriLink Classic and Portal Case Management servers did have the affected versions of bash. In response to this risk, on September 29, 2014, the IT Hosting Team deployed all available patches for correcting the vulnerability, and is applying new patches under our emergency change control procedures as they become available.

Questions?

Please feel free to reach out to Client Support or to your NAVEX Global sales representative with any additional questions or concerns.

