In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
Proper decision-making is one of the most important capabilities of an organization. Therefore, it is important to have a clear understanding and overview of the decisions an organization makes. A means to understanding and modeling decisions is the Decision Model and Notation (DMN) standard published by the Object Management Group in 2015. In this standard, it is possible to design and specify how a decision should be taken. However, DMN lacks elements to specify the actors that fulfil different roles in the decision-making process as well as not taking into account the autonomy of machines. In this paper, we re-address and-present our earlier work [1] that focuses on the construction of a framework that takes into account different roles in the decision-making process, and also includes the extent of the autonomy when machines are involved in the decision-making processes. Yet, we extended our previous research with more detailed discussion of the related literature, running cases, and results, which provides a grounded basis from which further research on the governance of (semi) automated decision-making can be conducted. The contributions of this paper are twofold; 1) a framework that combines both autonomy and separation of concerns aspects for decision-making in practice while 2) the proposed theory forms a grounded argument to enrich the current DMN standard.
The decision-making process in boardrooms has a significant impact on organizational performance. In the last two decades, scientific research on the decision-making process in boardrooms has increased. This resulted in a substantial body of knowledge about boardroom factors and their relation to organizational performance. However, the effectiveness of the decision-making process in boardrooms is still mainly a black box. Amongst other things, scientific findings seem to contradict each other, which could mean additional insights are still missing. This research aims to contribute to a better understanding of this black box.
The impacts of tourism on destinations and the perceptions of local communities have been a major concern both for the industry and research in the past decades. However, tourism planning has been mainly focused on traditions that promote the increase of tourism without taking under consideration the wellbeing of both residents and visitors. To develop a more sustainable tourism model, the inclusion of local residents in tourism decision-making is vital. However, this is not always possible due to structural, economic and socio-cultural restrictions that residents face resulting to their disempowerment. This study aims to explore and interpret the formal processes around tourism decision-making and community empowerment in urban settings. The research proposes a comparative study of three urban destinations in Europe (The Hague in the Netherlands, San Sebastian in Spain and, Ioannina in Greece) that experience similar degree of tourism growth. The proposed study will use a design-based approach in order to understand tourism decision-making and what empowers or disempowers community participation within the destinations. Based on the findings of primary and secondary data, a community empowerment model will be applied in one the destinations as a pilot for resident engagement in tourism planning. The evaluation of the pilot will allow for an optimized model to be created with implications for tourism planning at a local level that can contribute to sustainable destinations that safeguard the interests of local residents and tourists.
The IMPULS-2020 project DIGIREAL (BUas, 2021) aims to significantly strengthen BUAS’ Research and Development (R&D) on Digital Realities for the benefit of innovation in our sectoral industries. The project will furthermore help BUas to position itself in the emerging innovation ecosystems on Human Interaction, AI and Interactive Technologies. The pandemic has had a tremendous negative impact on BUas industrial sectors of research: Tourism, Leisure and Events, Hospitality and Facility, Built Environment and Logistics. Our partner industries are in great need of innovative responses to the crises. Data, AI combined with Interactive and Immersive Technologies (Games, VR/AR) can provide a partial solution, in line with the key-enabling technologies of the Smart Industry agenda. DIGIREAL builds upon our well-established expertise and capacity in entertainment and serious games and digital media (VR/AR). It furthermore strengthens our initial plans to venture into Data and Applied AI. Digital Realities offer great opportunities for sectoral industry research and innovation, such as experience measurement in Leisure and Hospitality, data-driven decision-making for (sustainable) tourism, geo-data simulations for Logistics and Digital Twins for Spatial Planning. Although BUas already has successful R&D projects in these areas, the synergy can and should significantly be improved. We propose a coherent one-year Impuls funded package to develop (in 2021): 1. A multi-year R&D program on Digital Realities, that leads to, 2. Strategic R&D proposals, in particular a SPRONG/sleuteltechnologie proposal; 3. Partnerships in the regional and national innovation ecosystem, in particular Mind Labs and Data Development Lab (DDL); 4. A shared Digital Realities Lab infrastructure, in particular hardware/software/peopleware for Augmented and Mixed Reality; 5. Leadership, support and operational capacity to achieve and support the above. The proposal presents a work program and management structure, with external partners in an advisory role.
Digitalisation has enabled businesses to access and utilise vast amounts of data. Business data analytics allows companies to employ the most recent and relevant data to comprehend situations and enhance decision-making. While the value of data itself is limited, substantial value can be directly or indirectly uncovered from data. This process is referred to as data monetisation. The most successful stories of data monetisation often originate from large corporations, as they have adequate resources to monetise their data. Notably, many such cases arise from prominent Big Tech companies in North America. In contrast, small and medium-sized enterprises (SMEs) have lagged behind in utilising their digital data assets effectively. They are frequently constrained by limited resources to build up capabilities and fully exploit their data. This places them at a strategic disadvantage, particularly as digitalisation is progressively reshaping markets and competitive relationships. Furthermore, the use of digital technologies and data are important in addressing societal challenges such as energy conservation, circularity, and the ageing of the population. This lag has been highlighted by SMEs we have engaged with, where managing directors have indicated their desire to operate based on data, but their companies lack the know-how and are unsure of ‘where to start’. Together with eight SMEs and other partners, we have defined a research project to gain insight into the potential and obstacles of data monetisation in SMEs. More specifically, we will explore how SMEs can transform data into strategic assets and create value. We attempt to demonstrate the journey of data monetisation and illustrate different possibilities to create value from data in SMEs. We will take a holistic approach to examine different aspects of data monetisation and their associations. The outcomes of this project are both practical and academic, such as an SME handbook, academic papers, and case studies.
