Other considerations for benefit-framing
There are a few more things you might want to consider when you're using benefit framing for infosec. These are slightly more advanced...
CLEAR SECURITY COMMUNICATION
Search
How to use benefit frames for infosec
Last time, I introduced the basics of gain-loss framing from health communication. I also discussed how this approach should be applied...
Positive and Proactive: Benefit frames for infosec persuasion
I've spoken before about the need for infosec communication and persuasion to move in a more positive and proactive direction. (This...
Thinking about data after a breach: Fear, outrage, or apathy?
Just in 2017, we've seen a lot of different types of infosec incidents gain major attention. With that attention, we've seen a variety of...
Crisis Communication and Incident Response pt. 2
So, Equifax happened... this blog is not about that, even though it seems like it is. I wrote it before that news broke. Any resemblance...
Crisis Communication and Incident Response pt. 1
In previous posts, I examined the use of communication at the more granular level of technical attribution, now I'd like to zoom out a...
Merging attributions: Using communication and technical attribution to drive narrative
In a previous post, I presented a couple of cases in which communicative attribution (responsibility) and technical attribution...
Fear appeals: what are they good for?
Fear can be a great motivator but it can also be paralyzing. Scholars have examined the use of fear appeals in advertising and public...
Advanced soft skills for InfoSec: Efficacy
UPDATE: I gave a talk on this at BSidesDC and Delaware 2017. Here are my slides for that talk. I've wanted to cover efficacy for a while....
Scared of flying but no breach response plan? Risk perception and information security
It’s commonly known that we (humans) are bad a evaluating risk. We're consumed by worry about risks that are unlikely to impact us and...