Speaking the same language as your audience is important. In most cases you're already speaking the literal, high-level language of your audience but it's a lot more nuanced than that. Language at a lower level is one thing that trips people up on the way to understanding. Jargon, acronyms, slang, and cultural quirks can all act as barriers to mutual understanding - which is the whole reason we communicate. These are so ingrained in us, however, that it takes effort to suppre

Last time, I introduced the basics of gain-loss framing from health communication. I also discussed how this approach should be applied to infosec issues. Now I'm going to give you more detail on how to actually use gain-loss framing. What needs to be manipulated In order to drive behavior - particularly preventative/protective actions - your audience needs to be in a certain mental space. There are a few measures from scholarship that we can look at and alter in our audience

I've spoken before about the need for infosec communication and persuasion to move in a more positive and proactive direction. (This isn't an original argument. @iMeluny and @jessysaurusrex have been saying this for a long time now, among others.) Fear isn't an effective way to motivate action in infosec. To effectively persuade people to be more secure, we need to move away from dark, scary, sky is falling narratives. In the last post we learned that framing is about focusin

Last week, I started reading into various forms of literacy: digital, financial, information, etc. Reading about the many types of literacy got me wondering if security literacy was an existing concept. It wasn't, as far as I was able to find. I'm taking this opportunity to organize my thoughts about all of this and see what the existing literacy research offers as guidance for potentially developing security literacy. I found that three types of literacy that might be helpfu