In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
From the article: Abstract Since decision management is becoming an integrated part of business process management, more and more decision management implementations are realized. Therefore, organizations search for guidance to design such solutions. Principles are often applied to guide the design of information systems in general. A particular area of interest when designing decision management solutions is compliance. In an earlier published study (Zoet & Smit, 2016) we took a general perspective on principles regarding the design of decision management solutions. In this paper, we re-address our earlier work, yet from a different perspective, the compliance perspective. Thus, we analyzed how the principles can be utilized in the design of compliant decision management solutions. Therefore, the purpose of this paper is to specify, classify, and validate compliance principles. To identify relevant compliance principles, we conducted a three round focus group and three round Delphi Study which led to the identification of eleven compliance principles. These eleven principles can be clustered into four categories: 1) surface structure principles, 2) deep structure principles, 3) organizational structure principles, and 4) physical structure principles. The identified compliance principles provide a framework to take into account when designing information systems, taking into account the risk management and compliance perspective.
During the past two decades the implementation and adoption of information technology has rapidly increased. As a consequence the way businesses operate has changed dramatically. For example, the amount of data has grown exponentially. Companies are looking for ways to use this data to add value to their business. This has implications for the manner in which (financial) governance needs to be organized. The main purpose of this study is to obtain insight in the changing role of controllers in order to add value to the business by means of data analytics. To answer the research question a literature study was performed to establish a theoretical foundation concerning data analytics and its potential use. Second, nineteen interviews were conducted with controllers, data scientists and academics in the financial domain. Thirdly, a focus group with experts was organized in which additional data were gathered. Based on the literature study and the participants responses it is clear that the challenge of the data explosion consist of converting data into information, knowledge and meaningful insights to support decision-making processes. Performing data analyses enables the controller to support rational decision making to complement the intuitive decision making by (senior) management. In this way, the controller has the opportunity to be in the lead of the information provision within an organization. However, controllers need to have more advanced data science and statistic competences to be able to provide management with effective analysis. Specifically, we found that an important skill regarding statistics is the visualization and communication of statistical analysis. This is needed for controllers in order to grow in their role as business partner..
Grote steden staan de komende decennia voor enorme uitdagingen om ruimtelijke herstructurering en versterking van sociaaleconomische posities van bepaalde wijken, te combineren met leefbaarheids-, duurzaamheids-, en mobiliteitsambities. Dit zijn vraagstukken waar bij uitstek verschillende fysieke, sociale, economische en bestuurlijke professionals moeten samenwerken. Dit onderzoek richt zicht op boundary spanners, professionals die een sleutelrol spelen in het verbinden van domeinoverstijgende vraagstukken. Met de toename en complexiteit van maatschappelijke vragen in het grootstedelijke domein groeit ook de behoefte aan en het belang van boundary spanners in het realiseren van effectieve samenwerking. Kennis over de effectiviteit van hun werkpraktijken blijft echter achter. Gezien de urgentie van grootstedelijke vraagstukken, is het van groot belang deze kennis te ontwikkelen. De (grootstedelijke) professionals die in de rol van boundary spanner vervullen of die rol ambiëren vragen zich dan ook af: Hoe krijg ik zicht op mijn eigen boundary spanner praktijk als individu of binnen een team werken, welke mogelijke verbeteringen zijn er in ons handelen en wat daarvan is overdraagbaar naar andere professionals en andere situaties? Door deze praktijkvraag te combineren met theoretische kennis vanuit bestuurskunde en verandermanagement, geeft dit onderzoek antwoord op de overkoepelende onderzoeksvraag: Wat zijn de kenmerken van de werkpraktijken waarin (grootstedelijke) professionals, die we kunnen typeren als of boundary spanners, de grenzen tussen domeinen bij grootstedelijke vraagstukken weten te overbruggen? Het onderzoek is een co-creatie van stedelijke professionals in teams van vijf praktijkcases: het programma Haven-Stad (Amsterdam); de regiodeal Den Haag Zuidwest; het project Cruciale Mijl (Amsterdam); Combiwel buurtwerk (Amsterdam) en het team gebiedsadviseurs (Amsterdam), met onderzoekers van de Centres of Expertise van de Hogeschool van Amsterdam en de Haagse Hogeschool. Dit onderzoek expliciteert de werkregels die boundary spanners in staat stelt om domeinoverstijgend te werken en levert op die manier een wezenlijke bijdrage aan het realiseren van deze grootstedelijke vraagstukken.
Collaborative networks for sustainability are emerging rapidly to address urgent societal challenges. By bringing together organizations with different knowledge bases, resources and capabilities, collaborative networks enhance information exchange, knowledge sharing and learning opportunities to address these complex problems that cannot be solved by organizations individually. Nowhere is this more apparent than in the apparel sector, where examples of collaborative networks for sustainability are plenty, for example Sustainable Apparel Coalition, Zero Discharge Hazardous Chemicals, and the Fair Wear Foundation. Companies like C&A and H&M but also smaller players join these networks to take their social responsibility. Collaborative networks are unlike traditional forms of organizations; they are loosely structured collectives of different, often competing organizations, with dynamic membership and usually lack legal status. However, they do not emerge or organize on their own; they need network orchestrators who manage the network in terms of activities and participants. But network orchestrators face many challenges. They have to balance the interests of diverse companies and deal with tensions that often arise between them, like sharing their innovative knowledge. Orchestrators also have to “sell” the value of the network to potential new participants, who make decisions about which networks to join based on the benefits they expect to get from participating. Network orchestrators often do not know the best way to maintain engagement, commitment and enthusiasm or how to ensure knowledge and resource sharing, especially when competitors are involved. Furthermore, collaborative networks receive funding from grants or subsidies, creating financial uncertainty about its continuity. Raising financing from the private sector is difficult and network orchestrators compete more and more for resources. When networks dissolve or dysfunction (due to a lack of value creation and capture for participants, a lack of financing or a non-functioning business model), the collective value that has been created and accrued over time may be lost. This is problematic given that industrial transformations towards sustainability take many years and durable organizational forms are required to ensure ongoing support for this change. Network orchestration is a new profession. There are no guidelines, handbooks or good practices for how to perform this role, nor is there professional education or a professional association that represents network orchestrators. This is urgently needed as network orchestrators struggle with their role in governing networks so that they create and capture value for participants and ultimately ensure better network performance and survival. This project aims to foster the professionalization of the network orchestrator role by: (a) generating knowledge, developing and testing collaborative network governance models, facilitation tools and collaborative business modeling tools to enable network orchestrators to improve the performance of collaborative networks in terms of collective value creation (network level) and private value capture (network participant level) (b) organizing platform activities for network orchestrators to exchange ideas, best practices and learn from each other, thereby facilitating the formation of a professional identity, standards and community of network orchestrators.
The IMPULS-2020 project DIGIREAL (BUas, 2021) aims to significantly strengthen BUAS’ Research and Development (R&D) on Digital Realities for the benefit of innovation in our sectoral industries. The project will furthermore help BUas to position itself in the emerging innovation ecosystems on Human Interaction, AI and Interactive Technologies. The pandemic has had a tremendous negative impact on BUas industrial sectors of research: Tourism, Leisure and Events, Hospitality and Facility, Built Environment and Logistics. Our partner industries are in great need of innovative responses to the crises. Data, AI combined with Interactive and Immersive Technologies (Games, VR/AR) can provide a partial solution, in line with the key-enabling technologies of the Smart Industry agenda. DIGIREAL builds upon our well-established expertise and capacity in entertainment and serious games and digital media (VR/AR). It furthermore strengthens our initial plans to venture into Data and Applied AI. Digital Realities offer great opportunities for sectoral industry research and innovation, such as experience measurement in Leisure and Hospitality, data-driven decision-making for (sustainable) tourism, geo-data simulations for Logistics and Digital Twins for Spatial Planning. Although BUas already has successful R&D projects in these areas, the synergy can and should significantly be improved. We propose a coherent one-year Impuls funded package to develop (in 2021): 1. A multi-year R&D program on Digital Realities, that leads to, 2. Strategic R&D proposals, in particular a SPRONG/sleuteltechnologie proposal; 3. Partnerships in the regional and national innovation ecosystem, in particular Mind Labs and Data Development Lab (DDL); 4. A shared Digital Realities Lab infrastructure, in particular hardware/software/peopleware for Augmented and Mixed Reality; 5. Leadership, support and operational capacity to achieve and support the above. The proposal presents a work program and management structure, with external partners in an advisory role.
