Networked organizations must grapple with a constant trade-off between ease of workflow for their employees, and devoting time and resources to computer security. In a group of collaborators whose workflows can differ substantially, creating broad and cohesive awareness around security can be difficult, especially for spaces like news institutions, where continuous collaboration must be carried out under continuous threat of cyberattack. Using a sensemaking framework, we analyzed interviews with two levels of organizational actors, lower-level reporters and higher-level supervising editors. Fragmented sensemaking, in which individuals maintain their own discrete and disconnected approaches to the complex situation of computer security, was pervasive. Storytelling as a sensemaking strategy, however, was found in both levels. In particular, while personal stories were shared by all partici-pants, higher-level editors on average shared more second-hand narratives they'd heard about other organizations.Noting that editors described how such second-hand stories shaped their security decisions, we conclude with recommendations for integrating storytelling methods into robust training modules for computer security in collaborative working environments.
[1]
W. Noyes.
United Nations Educational, Scientific and Cultural Organization
,
1946,
International Organization.
[2]
Elizabeth Sillence,et al.
Using the health belief model to explore users' perceptions of 'being safe and secure' in the world of technology mediated financial transactions
,
2014,
Int. J. Hum. Comput. Stud..
[3]
Nikhil Sharma,et al.
Artifact usefulness and usage in sensemaking handoffs
,
2009,
ASIST.
[4]
Rick Wash,et al.
Stories as informal lessons about security
,
2012,
SOUPS.
[5]
Gary Klein,et al.
Making Sense of Sensemaking 1: Alternative Perspectives
,
2006,
IEEE Intelligent Systems.