A service of SURF
© 2025 SURF
In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. 
The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
During the past two decades the implementation and adoption of information technology has rapidly increased. As a consequence the way businesses operate has changed dramatically. For example, the amount of data has grown exponentially. Companies are looking for ways to use this data to add value to their business. This has implications for the manner in which (financial) governance needs to be organized. The main purpose of this study is to obtain insight into the changing role of controllers in order to add value to the business by means of data analytics. To answer the research question a literature study was performed to establish a theoretical foundation concerning data analytics and its potential use. Second, nineteen interviews were conducted with controllers, data scientists and academics in the financial domain. Thirdly, a focus group with experts was organized in which additional data were gathered. Based on the literature study and the participants' responses it is clear that the challenge of the data explosion consists of converting data into information, knowledge and meaningful insights to support decision-making processes. Performing data analyses enables the controller to support rational decision making to complement the intuitive decision making by (senior) management. In this way, the controller has the opportunity to be in the lead of the information provision within an organization. However, controllers need to have more advanced data science and statistical competences to be able to provide management with effective analysis. Specifically, we found that an important skill regarding statistics is the visualization and communication of statistical analysis. This is needed for controllers in order to grow in their role as business partner.
Background: Patient decision aids (PDAs) can support the treatment decision-making process and empower patients to take a proactive role in their treatment pathway while using a shared decision-making (SDM) approach, making participatory medicine possible. The aim of this study was to develop a PDA for prostate cancer that is accurate and user-friendly. Methods: We followed a user-centered design process consisting of five rounds of semi-structured interviews and usability surveys with topics such as informational/decisional needs of users and requirements for PDAs. Our userbase consisted of 8 urologists, 4 radiation oncologists, 2 oncology nurses, 8 general practitioners, 19 former prostate cancer patients, 4 usability experts and 11 healthy volunteers. Results: Informational needs for patients centered on three key factors: treatment experience, post-treatment quality of life, and the impact of side effects. Patients and clinicians valued a PDA that presents balanced information on these factors through simple understandable language and visual aids. Usability questionnaires revealed that patients were more satisfied overall with the PDA than clinicians; however, both groups had concerns that the PDA might lengthen consultation times (42 and 41%, respectively). The PDA is accessible on http://beslissamen.nl/. Conclusions: User-centered design provided valuable insights into PDA requirements but also challenges in integrating diverse perspectives, as clinicians focus on clinical outcomes while patients also consider quality of life. Nevertheless, it is crucial to involve a broad base of clinical users in order to better understand the decision-making process and to develop a PDA that is accurate, usable, and acceptable.
Vacation travel is an essential ingredient in quality of life. However, the contribution of vacations to quality of life could be improved in two ways: by optimizing the decisions people make when planning and undertaking their vacations, and by the travel industry testing and implementing, based on evidence, innovative experience products which touch customers' emotions. Secondary analysis of two longitudinal panel datasets will address the impact of people's decisions in planning and undertaking their vacations on their quality of life. Field experiments in cooperation with travel industry partners will address the effects of innovative experience products, such as apps designed to help vacationers meet fellow travelers, or personalized memory books designed to help people relive their vacations after returning home. Experience data in these field experiments will be collected using technology of the Breda University of Applied Sciences' Experience Measurement Lab, a unique facility for measuring emotions continuously from research participants' body and mind. Thus, the project will contribute to general understanding of quality of life, will feed valuable knowledge about experience design, measurement, and implementation to the Dutch travel industry, and will support the Breda University of Applied Sciences' key research theme of Designing, Measuring, and Managing Experiences. Inspiring examples from the project will reinforce research methods courses in the academic Bachelor of Science in Tourism, the HBO Master in Tourism Destination Management, and the academic Master of Science in Leisure Studies. Wearable emotion measurement from the field experiment will be a cornerstone of the fourth-year HBO-bachelor module Business Intelligence, where students will conduct their own research projects on experience measurement using consumer wearables, based on knowledge from this postdoc project. Finally, a number of methodological and content questions within the project will serve as suitable thesis assignments for graduation students in the above educational tracks.
Performance feedback is an important mechanism of adaptation in learning theories, as it provides one of the motivations for organizations to learn (Pettit, Crossan, and Vera 2017). Embedded in the behavioral theory of the firm, organizational learning from performance feedback predicts the probability for organizations to change with an emphasis on organizational aspirations, which serve as a threshold against which absolute performance is evaluated (Cyert and March 1963; Greve 2003). It postulates that performance becomes a ‘problem’, or the trigger to search for alternative procedures, strategies, products and behaviors, when performance is below that threshold. This search is known as problemistic search. Missing from this body of research is an empirically grounded understanding of whether the characteristics of performance feedback over time matter for the triggering function of the feedback. I explore this gap. This investigation adds temporality as a dimension of the performance feedback concept guided by a worldview of ongoing change and flux where conditions and choices are not given, but made relevant by actors and enacted upon (Tsoukas and Chia 2002). The general aim of the study is to complement the current knowledge of performance feedback as a trigger for problemistic search with an explicit process temporal approach. The main question guiding this project is how temporal patterns of performance feedback influence organizational change, which I answer in four chapters, each zooming into one sub-question. First, I focus on the temporal order of performance feedback by examining performance feedback and change sequences organizations go through. In this section time is under study and the goal is to explore how feedback patterns have evolved over time, just as the change states organizations pass through. Second, I focus on the plurality of performance feedback by investigating performance feedback from multiple aspiration levels (i.e. multiple qualitatively different metrics and multiple reference points) and how over time clusters of performance feedback sequences have evolved. Next, I look into the rate and scope of change relative to performance feedback sequences and add an element of signal strength to the feedback. In the last chapter, time is a predictor (in the sequences), and it is under study (in the timing of responses). I focus on the timing of organizational responses in relation to performance feedback sequences of multiple metrics and reference points. In sum, all chapters are guided by the timing problem of performance feedback, meaning that performance feedback does not become ‘available’ at a single point in time. Similarly to stones with unequal weight dropped in the river, performance feedback with different strength becomes available at multiple points in time and it is plausible that sometimes it is considered by decision-makers as problematic and sometimes it is not, because of the sequence it is part of. Overall, the investigation is grounded in the general principles of organizational learning from performance feedback, and the concept of time as duration, sequences and timing, with a focus on specification of when things happen. The context of the study is universities of applied sciences and hotels in The Netherlands. Project partner: Tilburg University, School of Social and Behavioral Sciences, Department of Organization Studies