Creative and Set in Their Ways: Challenges of Security Sensemaking in Newsrooms presented at FOCI 2017

by Franziska Roesner, Kelly Caine, Mahdi Nasrullah Al-ameen, Susan E. Mcgregor, Elizabeth Anne Watkins,

Summary : Maintaining computer security in an organization requires navigating a thorny landscape of adversaries, devices, and systems. As organizations grow more complex, integrating remote workers and networked, third-party tools, security risks multiply, and become more difficult to fully comprehend. News organizations are exemplary of this type of risk-laden workplace, as they combine the technical and complexity issues typical of bureaucratic systems with the creative, autonomous decision-making of journalists. As more industries face changing labor models, shifting to remote workers and building more of their computing needs on third-party platforms, journalists can serve as a critical early-warning population, a canary-in-the-coal-mine look at the management of cybersecurity in the future of work. As a first step towards building our social-science-based research, we took from organization theory the literature on sensemaking, to study how journalists who work in organizations "make sense" of cybersecurity. After analyzing interviews with a range of journalists with diverse priorities and obligations, and testing for an array of sensemaking frameworks, we found fragmented sensemaking to be pervasive. This is a hazardous condition for security in a networked organization, because such a framework correlates with misaligned and scattered behaviors. We conclude with a discussion of questions that emerged during this study, and propose next steps in research.