Sensemaking And Storytelling: Network Security Strategies For Collaborative Groups

Networked organizations must grapple with a constant trade-off between ease of workflow for their employees, and devoting time and resources to computer security. In a group of collaborators whose workflows can differ substantially, creating broad and cohesive awareness around security can be difficult, especially for spaces like news institutions, where continuous collaboration must be carried out under continuous threat of cyberattack. Using a sensemaking framework, we analyzed interviews with two levels of organizational actors, lower-level reporters and higher-level supervising editors. Fragmented sensemaking, in which individuals maintain their own discrete and disconnected approaches to the complex situation of computer security, was pervasive. Storytelling as a sensemaking strategy, however, was found in both levels. In particular, while personal stories were shared by all partici-pants, higher-level editors on average shared more second-hand narratives they'd heard about other organizations.Noting that editors described how such second-hand stories shaped their security decisions, we conclude with recommendations for integrating storytelling methods into robust training modules for computer security in collaborative working environments.