In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
Objective: To construct the underlying value structure of shared decision making (SDM) models. Method: We included previously identified SDM models (n = 40) and 15 additional ones. Using a thematic analysis, we coded the data using Schwartz’s value theory to define values in SDM and to investigate value relations. Results: We identified and defined eight values and developed three themes based on their relations: shared control, a safe and supportive environment, and decisions tailored to patients. We constructed a value structure based on the value relations and themes: the interplay of healthcare professionals’ (HCPs) and patients’ skills [Achievement], support for a patient [Benevolence], and a good relationship between HCP and patient [Security] all facilitate patients’ autonomy [Self-Direction]. These values enable a more balanced relationship between HCP and patient and tailored decision making [Universalism]. Conclusion: SDM can be realized by an interplay of values. The values Benevolence and Security deserve more explicit attention, and may especially increase vulnerable patients’ Self-Direction. Practice implications: This value structure enables a comparison of values underlying SDM with those of specific populations, facilitating the incorporation of patients’ values into treatment decision making. It may also inform the development of SDM measures, interventions, education programs, and HCPs when practicing.
Ask any design researcher whether their carefully made research plans always make it through a project intact and you will probably get a chuckle out of them. Yet, discussions on how we deal with changing our plans on the go andhow we mitigate the repercussions to our research goals are sparse. To explore these challenges and how we can discuss them, we conduct a retrospective case study by analyzing pragmatic decisions that were made during a design research project of the first author. In finding the right perspective for this analysis, we turn to Cockton’s meta-principles for interaction design and its corresponding four design choice categories. Our findings describe four key decision moments using Cockton’s constructs to help identify what considerations went into making the pragmatic decision. In the discussion we reflect upon what Cockton’s constructs bring to the discussion of pragmatic decision-making and introduce the concepts of path-dependency and saturation alongside reflective questions to give design researchers more structure in reasoning about their pragmatic decision-making.
