Susan E. McGregor
Columbia Journalism School
@susanemcg / sem2196@columbia.edu
Elizabeth Anne Watkins
Columbia Journalism School
@watkins_welcome / eaw2198@columbia.edu
"Security by Obscurity":
Journalists' Mental
Models of Information
Security
We all remember the Snowden revelations
And the Sony hack
And the Gawker lawsuit
According to a Pew Research Survey of
investigative journalists conducted in 2014:
● Half did not report using information security
tools in their work
● Less than 40% reported changing their
methods of communicating with sources
since the Snowden revelations
● Yet the majority believe that the government
has collected data about their communications
Yet in the last 3 years, it seems little has changed
According to a Pew Research Survey of
investigative journalists conducted in 2014:
● 88% reported “decreasing resources in
newsrooms” as the top challenge facing
journalists today
● 56% named legal action against journalists as
the second
Yet in the last 3 years, it seems little has changed
Why not?
We approach this
question through the lens
of mental models.
In the words of cognitive psychologist Donald
Norman, mental models are:
“What people really have in their
heads and guide their use of
things.”
A mental model describes the way a person or group
thinks about a system or process
We conducted in-depth, semi-structured interviews with
journalists (N = 15) and editors (N = 7) about their security
preferences, practices and concerns.
We then analyzed these interviews using an iterative,
grounded-theory process to identify and refine common
themes
Our research
Our results
Like the Pew survey, we found two overarching themes:
1. Our participants strongly related the need for security to the specific beat,
geography or story they were covering.
2. Meeting face-to-face was the most consistently cited tactic for avoiding security
issues related to digital communications
“It depends on the sector, but not everyone
has sensitive information. We have many
open sources that don’t require any
particular protection...It’s just in certain
cases that one really needs to be careful.”
“I haven’t really dealt with something that
was life or death. An extra level of security
just didn’t seem necessary.”
“If you were on the national security beat
[security technology] would be really useful.
But I write about domestic social problems,
education, crime, poverty.”
“I feel like it depends on how much you think
someone is actively spying on you.”
Security by Obscurity
Taken together, we found that our participants' mental models of security were largely
shaped by two sets of beliefs:
1. That their own level of information security risk was directly proportional to the
likelihood that they were being specifically targeted. This was expressed in
repeated references suggesting that security risk was a factor of how conspicuous
or controversial their coverage was. Conversely, participants expressed that if they
were not being specifically targeted, they felt they faced a lower information
security risk.
2. That the primary way to lower their information security risk was to take
communications offline altogether, e.g. meet sources and/or colleagues in person.
Taken together, we characterize this mental model as "security by obscurity."
Security by Obscurity
In the computer science literature, "security by obscurity" is often highlighted as a
spurious form of security; e.g. the idea that simply using obscure (or secret) security
approaches provides sufficient security.
We intentionally co-opt this term to indicate journalists' and organizations' belief that if
their work remains sufficiently "low-profile," they do not need to concern themselves with
information security.
We acknowledge that in both cases, "security by obscurity" can provide some tangible
short-term protections. In the long run, however, this approach is not tenable in either
discipline.
Limitations of "Security by Obscurity" for Journalists:
Many successful attacks are phishing-based
From the article:
The executive saw on her Blackberry that she had just received
a bluntly worded email that seemed to have been sent by a
reporter at Vice Media, asking her to comment on a Reuters
story linked in the message.
[...]
In her half-asleep state, she was prompted for her webmail
credentials and entered them, thinking her access to the page
had timed out. When the link led to a broken url on Reuters’
website, she got dressed and began her snowy commute from
Brooklyn to Manhattan without a second thought. “It was so
insidious,” she says. “I didn’t know I had been hacked for
another two hours.”
Limitations of "Security by Obscurity" for Journalists:
Journalists and their organizations are not obscure
"Ok, it's not crazy or megalomaniacal to think that there
might be a group of people who are actually trying to
crack [our] systems. Right? I mean, we think of
ourselves as prestigious...but not a sort of obvious
global target newsroom...So I think that really brought
home to us, "No, we are a big old target."
Why does the
"security by obscurity"
mental model persist?
Understanding journalists' "security by obscurity" stance
We found multiple indicators of why journalists may continue to employ a "security by
obscurity" mental model despite its gaps and inefficiencies:
1. Poor systems models: many participants expressed uncertainty or confusion about
how digital communication systems worked and what kind of protections were
afforded by particular practices.
2. "Good enough is good enough": in the absence of clear understandings about the
mechanisms of digital communications and their implications, most journalists
relied on face-to-face meetings for security. Though limiting, this tactic is both
reasonably effective and more highly accessible given their other
resources.
I’ve been trying to reduce my Dropbox
usage, and so I've been using just a USB
stick or something. Which, I actually have no
idea how safe that is. It seems more safe.
I tried to send an encrypted email to a manager, and
she doesn’t have [encrypted] email. So, it’s available to
our company…but it hasn’t been a priority for that
manager. So I sent a note to her reporter…who was
encrypted but was not in the office. So I said, “I’ll walk
over and have a conversation with you, because I can’t
send you what I would like to send you. I don’t want to
put this in writing."
Ways forward
Improving on "security by obscurity" for journalists
A major opportunity in improving the accuracy and efficacy of journalists' mental models
of security seems possible through better information dissemination and education.
1. The most prominent and highly-detailed coverage of information security issues for
journalists focuses on specific beats and topics. At least internally, organizations
should clearly communicate the existence and origin of attacks.
2. Engage in direct educational efforts to help journalists and other personnel
understand how digital communications work - and how certain security
precautions function. Anecdotes from participants suggest this is a successful
approach.
My initial response to being prompted to set up two factor authentication
on my personal accounts - like on my Gmail account or my Facebook or
wherever - was deep skepticism, because it just felt like another
corporation asking for my phone number...[But] the whole tech team gave
kind of a broader and clearer explanation of why it matters, and it didn't
just seem like some kind of fishy thing from a faceless corporation, but
more like, you know - here's a person I trust who's looking out for my
company telling me why this matters for us as a company, and shortly
after we went to two factor for the company, you know, I sort of
acquiesced to all of the various two-factor requests in the rest of my life as
well.

America Is the Target; Israel Is the Front Line _ Andy Blumenthal _ The Blogs...
 
04052024_First India Newspaper Jaipur.pdf
04052024_First India Newspaper Jaipur.pdf04052024_First India Newspaper Jaipur.pdf
04052024_First India Newspaper Jaipur.pdf
 
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
THE OBSTACLES THAT IMPEDE THE DEVELOPMENT OF BRAZIL IN THE CONTEMPORARY ERA A...
 
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhEmbed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
 
China's soft power in 21st century .pptx
China's soft power in 21st century   .pptxChina's soft power in 21st century   .pptx
China's soft power in 21st century .pptx
 

McGregor Watkins

  • 1. Susan E. McGregor Columbia Journalism School @susanemcg / sem2196@columbia.edu Elizabeth Anne Watkins Columbia Journalism School @watkins_welcome / eaw2198@columbia.edu "Security by Obscurity": Journalists' Mental Models of Information Security
  • 2. We all remember the Snowden revelations
  • 4. And the Gawker lawsuit
  • 5. According to a Pew Research Survey of investigative journalists conducted in 2014: ● Half did not report using information security tools in their work ● Less than 40% reported changing their methods of communicating with sources since the Snowden revelations ● Yet the majority believe that the government has collected data about their communications Yet in the last 3 years, it seems little has changed
  • 6. According to a Pew Research Survey of investigative journalists conducted in 2014: ● 88% reported “decreasing resources in newsrooms” as the top challenge facing journalists today ● 56% named legal action against journalists as the second Yet in the last 3 years, it seems little has changed
  • 8. We approach this question through the lens of mental models.
  • 9. In the words of cognitive psychologist Donald Norman, mental models are: “What people really have in their heads and guide their use of things.” A mental model describes the way a person or group thinks about a system or process
  • 10. Our research: We conducted in-depth, semi-structured interviews with journalists (N = 15) and editors (N = 7) about their security preferences, practices and concerns. We then analyzed these interviews using an iterative, grounded-theory process to identify and refine common themes.
  • 11. Our results: Like the Pew survey, we found two overarching themes: 1. Our participants strongly related the need for security to the specific beat, geography or story they were covering. 2. Meeting face-to-face was the most consistently cited tactic for avoiding security issues related to digital communications.
  • 12. “It depends on the sector, but not everyone has sensitive information. We have many open sources that don’t require any particular protection...It’s just in certain cases that one really needs to be careful.”
  • 13. “I haven’t really dealt with something that was life or death. An extra level of security just didn’t seem necessary.”
  • 14. “If you were on the national security beat [security technology] would be really useful. But I write about domestic social problems, education, crime, poverty.”
  • 15. “I feel like it depends on how much you think someone is actively spying on you.”
  • 16. Security by Obscurity: We found that our participants' mental models of security were largely shaped by two sets of beliefs: 1. That their own level of information security risk was directly proportional to the likelihood that they were being specifically targeted. This was expressed in repeated references suggesting that security risk was a factor of how conspicuous or controversial their coverage was. Conversely, participants expressed that if they were not being specifically targeted, they felt they faced a lower information security risk. 2. That the primary way to lower their information security risk was to take communications offline altogether, e.g. meet sources and/or colleagues in person. Taken together, we characterize this mental model as "security by obscurity."
  • 17. Security by Obscurity: In the computer science literature, "security by obscurity" is often highlighted as a spurious form of security; e.g. the idea that simply using obscure (or secret) security approaches provides sufficient security. We intentionally co-opt this term to indicate journalists' and organizations' belief that if their work remains sufficiently "low-profile," they do not need to concern themselves with information security. We acknowledge that in both cases, "security by obscurity" can provide some tangible short-term protections. In the long run, however, this approach is not tenable in either discipline.
  • 18. Limitations of "Security by Obscurity" for Journalists: Many successful attacks are phishing-based From the article: The executive saw on her Blackberry that she had just received a bluntly worded email that seemed to have been sent by a reporter at Vice Media, asking her to comment on a Reuters story linked in the message. [...] In her half-asleep state, she was prompted for her webmail credentials and entered them, thinking her access to the page had timed out. When the link led to a broken url on Reuters’ website, she got dressed and began her snowy commute from Brooklyn to Manhattan without a second thought. “It was so insidious,” she says. “I didn’t know I had been hacked for another two hours.”
  • 19. Limitations of "Security by Obscurity" for Journalists: Journalists and their organizations are not obscure "Ok, it's not crazy or megalomaniacal to think that there might be a group of people who are actually trying to crack [our] systems. Right? I mean, we think of ourselves as prestigious...but not a sort of obvious global target newsroom...So I think that really brought home to us, 'No, we are a big old target.'"
  • 20. Why does the "security by obscurity" mental model persist?
  • 21. Understanding journalists' "security by obscurity" stance: We found multiple indicators of why journalists may continue to employ a "security by obscurity" mental model despite its gaps and inefficiencies: 1. Poor systems models: many participants expressed uncertainty or confusion about how digital communication systems worked and what kind of protections were afforded by particular practices. 2. "Good enough is good enough": in the absence of clear understandings about the mechanisms of digital communications and their implications, most journalists relied on face-to-face meetings for security. Though limiting, this tactic is both reasonably effective and more highly accessible given their other resources.
  • 22. I’ve been trying to reduce my Dropbox usage, and so I've been using just a USB stick or something. Which, I actually have no idea how safe that is. It seems more safe.
  • 23. I tried to send an encrypted email to a manager, and she doesn’t have [encrypted] email. So, it’s available to our company…but it hasn’t been a priority for that manager. So I sent a note to her reporter…who was encrypted but was not in the office. So I said, “I’ll walk over and have a conversation with you, because I can’t send you what I would like to send you. I don’t want to put this in writing.”
  • 25. Improving on "security by obscurity" for journalists: A major opportunity for improving the accuracy and efficacy of journalists' mental models of security lies in better information dissemination and education. 1. The most prominent and highly-detailed coverage of information security issues for journalists focuses on specific beats and topics. At least internally, organizations should clearly communicate the existence and origin of attacks. 2. Engage in direct educational efforts to help journalists and other personnel understand how digital communications work - and how certain security precautions function. Anecdotes from participants suggest this is a successful approach.
  • 26. My initial response to being prompted to set up two factor authentication on my personal accounts - like on my Gmail account or my Facebook or wherever - was deep skepticism, because it just felt like another corporation asking for my phone number...[But] the whole tech team gave kind of a broader and clearer explanation of why it matters, and it didn't just seem like some kind of fishy thing from a faceless corporation, but more like, you know - here's a person I trust who's looking out for my company telling me why this matters for us as a company, and shortly after we went to two factor for the company, you know, I sort of acquiesced to all of the various two-factor requests in the rest of my life as well.
  • 27. Susan E. McGregor Columbia Journalism School @susanemcg / sem2196@columbia.edu Elizabeth Anne Watkins Columbia Journalism School @watkins_welcome / eaw2198@columbia.edu "Security by Obscurity": Journalists' Mental Models of Information Security
