Peer to Peer Magazine

Winter 2015

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/624538


WWW.ILTANET.ORG 37

The software token, however, requires a four-to-eight-digit PIN, created by the user at the time of installation, to access the one-time password. This means that in addition to providing two-factor authentication, the RSA token also requires two-factor authentication! In other words, the user must have:

• The device with the correct RSA software token app installed
• The corresponding PIN

This creates a much more secure RSA token. In addition, the RSA software token can be remotely revoked and recovered when someone leaves the company or the device is lost or stolen. This helps alleviate the security and financial concerns of an unaccounted-for hardware token.

FEWER DEVICES

The RSA software token also alleviates the headache of carrying multiple devices — phone and physical token — and minimizes the number of devices users must manage to access VPNs and other secure network resources. The RSA token allows administrators to gain greater control of the bring-your-own-device environment by providing users with the applications necessary to access the company's systems while adhering to company policy.

THE RISE TO POWER

Just like the gradual dissolution of company-issued devices and the rise of personal devices in the workforce, the hardware token will continue to lose market share until the software token is the exclusive medium for RSA tokens in the corporate world. What are you waiting for? Do away with your physical hardware tokens and embrace the digital world of software tokens!

About the Author

Richard (Ricky) Brooman is a Litigation Support Specialist at Saul Ewing LLP. In this capacity, he consults with internal and external clients on best practices for e-discovery and information governance and manages all phases of the EDRM for litigation matters. Ricky is also a member of ILTA's Business Management Content Coordinating Team. Contact him at rbrooman@saul.com.

What's Different About the 2013 ISO Certification?

by Jeff Norris of LexisNexis

There are some important differences between the 2005 and 2013 ISO certification standards. Here are a few highlights:

• The 2013 revision is the first major revision of the standard since its inception. The ISO/IEC group has leveraged the standard and practical experience from over 17,000 registrations worldwide to guide these updates, which are required to keep up with changes to and the introduction of new technologies.
• Updates to management system requirements allow organizations to have an integrated management system, rather than distinct separate ones, if achieving multiple certifications (ISO 9001, 22301, etc.).
• Risk assessment components were updated to help align them with the other standards. This allows organizations to use the same risk assessment methodology.
• The actual controls — such as access controls, monitoring, etc. — are to be selected using a process of risk assessment, rather than being picked from reference controls.
• There has been clarification of several controls and elimination of duplicate requirements.
• Control requirements have been updated and reduced to 114 from 133.
• The number of major clauses (or areas of focus) has expanded from 11 to 14.

When firms achieve (any) certification, it demonstrates a commitment to sound business and security practices, and helps answer security audits and inquiries more easily. Keep these updates in mind if you plan to go through the process of getting ISO 2013 certified.
