Claire TillsJan 30, 20184 minShared Language: how to fake it if you don't have itSpeaking the same language as your audience is important. In most cases you're already speaking the literal, high-level language of your audience but it's a lot more nuanced than that. Language at a lower level is one thing that trips people up on the way to understanding. Jargon, acronyms, slang, and cultural quirks can all act as barriers to mutual understanding - which is the whole reason we communicate. These are so ingrained in us, however, that it takes effort to suppre
Claire TillsNov 6, 20176 minHow to use benefit frames for infosecLast time, I introduced the basics of gain-loss framing from health communication. I also discussed how this approach should be applied to infosec issues. Now I'm going to give you more detail on how to actually use gain-loss framing. What needs to be manipulated In order to drive behavior - particularly preventative/protective actions - your audience needs to be in a certain mental space. There are a few measures from scholarship that we can look at and alter in our audience
Claire TillsOct 26, 20174 minPositive and Proactive: Benefit frames for infosec persuasionI've spoken before about the need for infosec communication and persuasion to move in a more positive and proactive direction. (This isn't an original argument. @iMeluny and @jessysaurusrex have been saying this for a long time now, among others.) Fear isn't an effective way to motivate action in infosec. To effectively persuade people to be more secure, we need to move away from dark, scary, sky is falling narratives. In the last post we learned that framing is about focusin
Claire TillsOct 4, 20175 minHumor and Rumor in Crisis Communication #TrevorForgetI don't want to hop on the meme-train here but the saga of Trevor gave me some ideas so here they are. Humor is rare in crisis communication but it's not unheard of. Rumor, on the other hand, is common. People seek information and explanation in a crisis and aren't as critical of the information they receive - scarcity lowers standards. Rumor has impacted the infosec community in a lot of situations so talking about how to counteract it is important. Trevor wasn’t really a ru
Claire TillsSep 13, 20176 minCrisis Communication and Incident Response pt. 2So, Equifax happened... this blog is not about that, even though it seems like it is. I wrote it before that news broke. Any resemblance to that situation is coincidence. Previously, I went through the first two stages of CERC, pre-crisis and initial, and how they interact with incident response efforts. Now, we move on to the last three stages of CERC: maintenance, resolution, and evaluation. These are some of the most active stages for the organization. Each department will
Claire TillsAug 29, 20175 minMerging attributions: Using communication and technical attribution to drive narrativeIn a previous post, I presented a couple of cases in which communicative attribution (responsibility) and technical attribution conflicted. I selected those cases specifically to show that the public (media, employees, etc.) can pick and choose whether or not to incorporate results of technical attribution in their outrage. Now, let's try to learn something to avoid these cases happening to us. How can communication and technical attribution work together to increase the like