Trust Mapping workshops exploring the social distribution of knowledge relating to the security of information systems with critical national infrastructure organisations

The project

All organisations depend on security practitioners to ensure good cyber security. In large organisations they may be members of specialist security teams. In smaller organisations, they may work across IT, risk, and procurement.

Security practitioners need technical expertise, but they also need to be good at navigating complex social landscapes. Confidence in the security of any system is a result of a complex web of communication, across divisions of labour, specialisms, allocations of responsibility, contractual relationships, regulatory relationships, spanning teams, organisations, sectors and markets.

Methods

Trust Mapping workshops aredesigned to enable people working within an organisation to better understand the social and technical relationships within the organisation, by creating the opportunity for reflective learning. Participants work together in the workshop session to create a visualisation of the social relationships and to explore the distributions of knowledge and ignorance that they have to work with. Outputs from the workshops can be used to examine issues and potential improvements in their working practices and arrangements.

Results

As part of the ‘Scaling Trust’ project, we carried out 5 Trust Mapping sessions with participating security teams. We learned about how practitioners negotiate uncertainties about their institutional environments, and practitioners commented on how these sessions helped them to learn and reflect on how they know their systems are secure.