The Null Session

Musings on cybersecurity, risk, privacy, science & society

John D. Johnson, Ph.D., CISSP, CRISC

by John

Posted in Exploits & Attacks, Infosec

by John

The World Economic Forum has released its annual Global Risks Report, which prominently addresses cyber risk. They’ve also released a Cyber Resilience Report, which comes in two parts: “a reference architecture for public-private collaboration, and cyber policy models.” The playbook, intended to be adaptable to any nation’s values and interests, takes up fourteen policy topics and analyzes them in terms of their impact on five areas: security, privacy, economic value, accountability, and fairness.

Posted in Infosec, Risk Management

by John

Please folks, don’t post passwords on Post-it Notes… especially when you are on TV.

Posted in Infosec

by John

IAPP (morning newsletter) suggests companies may back off from bug bounties due to Uber leak – that just moves us in the WRONG direction. We can’t ignore vulns for a year and then blame the hacker. Companies need to do whatever works for them to uncover vulns and take a risk-based approach to close them.

Posted in Data Breaches, Exploits & Attacks

by John

[via Nextgov] “Inspectors found the case management system as part of a criminal investigation but did not say if the former employee is the target of that investigation. The case management system contained personal information on 247,167 Homeland Security employees who worked for the department when the information was removed in 2014, the department said. It also contained information about non-employees who were subjects, witnesses or complainants in inspector general investigations between 2002 and 2014, the department said. The statement does not say how many non-employees were in that group.”

Posted in Data Breaches

by John

Posted in Exploits & Attacks, Infosec