The Null Session

Musings on cybersecurity, risk, privacy, science & society

John D. Johnson, Ph.D., CISSP, CRISC

About John
by John

QC Cybersecurity Alliance worked with the Quad Cities Chamber of Commerce and others in the Quad Cities to develop best practices and guidance for local businesses. Check it out!

Quad Cities Chamber › PDF of Cybersecurity Playbook

Posted in Community, Infosec

by John

Steve Marino, CISO of Cisco, explains the need for security and business alignment. This is a basic concept we need to embrace, which is why I founded the infosec company Aligned Security: Align, measure, communicate.

Posted in Infosec

by John

Iowa House Study Bill 526 would require organizations to report a breach within 45 days, add new categories to reporting requirements, and expand the definition of what is considered personal information. The bill would apply to personal data in any form and also cover medical records, effectively shortening HIPAA breach reporting requirements by 15 days. If organizations implement increased encryption methods, they can be exempt from the proposed state reporting requirements.

Read More

Posted in Data Breaches, Law and Regulations

by John

Posted in Exploits & Attacks, Infosec

by John

Posted in Exploits & Attacks, Infosec

by John

The World Economic Forum has released its annual Global Risks Report, which prominently addresses cyber risk. They’ve also released a Cyber Resilience Report, which comes in two parts: “a reference architecture for public-private collaboration, and cyber policy models.” The playbook, intended to be adaptable to any nation’s values and interests, takes up fourteen policy topics and analyzes them in terms of their impact on five areas: security, privacy, economic value, accountability, and fairness. Read More

Posted in Infosec, Risk Management