Talking cyber security: practices, policies, scenarios