Josephine Wolff

Job Title: 
Assistant Professor
Public Policy
585-475-4434 1-1327


Josephine Wolff is an assistant professor in the Public Policy department at RIT and a member of the extended faculty of the Computing Security department. She is a faculty associate at the Harvard Berkman Center for Internet & Society and a fellow at the New America Cybersecurity Initiative.

Wolff recieved her PhD. in Engineering Systems Division and M.S. in Technology and Policy from the Massachusetts Institute of Technology, as well as her A.B. in Mathematics from Princeton University.

Her research interests include cybersecurity law and policy, defense-in-depth, security incident reporting models, economics of information security, and insurance and liability protection for computer security incidents. She researches cybersecurity policy with an emphasis on the social and political dimensions of defending against security incidents, looking at the intersection of technology, policy, and law for defending computer systems and the ways that technical and non-technical computer security mechanisms can be effectively combined, as well as the ways in which they may backfire. Currently, she is working on a project about a series of cybersecurity incidents over the course of the past decade, tracing their economic and legal aftermath and their impact on the current state of technical, social, and political lines of defense. She writes regularly about cybersecurity for Slate, and her writing has also appeared in The Atlantic, Scientific American, The New Republic, Newsweek, and The New York Times Opinionator blog.

Google Scholar Profile

Research Gate Profile

Current Research:

Dr. Wolff is currently working on analyzing the aftermath of cybersecurity incidents to understand how they have influenced current approaches to technical, social, and political security. By questioning and observing how past attacks transpired and how companies, consumers, and policy-makers responded to them, she is expanding understanding of how we draw lessons from past security incidents and protect computing systems from breaches in the future.

Dr. Wolff’s studies involve in-depth analyses of cybersecurity incidents that have occurred during the past ten years, including financially- and revenge-motivated breaches and cyber espionage incidents. Through her analyses, she is assessing past cybersecurity events from an economic and legal perspective. Specifically, she is asking how different stakeholders such as retailers, credit card companies, software developers, and hardware manufacturers should be held responsible for breaches and how liability should be distributed among the involved stakeholders. In addition, Dr. Wolff is exploring which of these actors assume portions of the cost of cybersecurity incidents as part of her attempt to trace the way that current policies address the issue of liability. In conjunction with this study, she is examining the development of cybersecurity insurance markets and the efforts of companies to implement safety protocols, such as two-factor authentication.


Telecom Policy and Issues; Cyber Security Policy and Law