In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
DOCUMENT
Background: Patient decision aids (PDAs) can support the treatment decision making process and empower patients to take a proactive role in their treatment pathway while using a shared decision-making (SDM) approach making participatory medicine possible. The aim of this study was to develop a PDA for prostate cancer that is accurate and user-friendly. Methods: We followed a user-centered design process consisting of five rounds of semi-structured interviews and usability surveys with topics such as informational/decisional needs of users and requirements for PDAs. Our userbase consisted of 8 urologists, 4 radiation oncologists, 2 oncology nurses, 8 general practitioners, 19 former prostate cancer patients, 4 usability experts and 11 healthy volunteers. Results: Informational needs for patients centered on three key factors: treatment experience, post-treatment quality of life, and the impact of side effects. Patients and clinicians valued a PDA that presents balanced information on these factors through simple understandable language and visual aids. Usability questionnaires revealed that patients were more satisfied overall with the PDA than clinicians; however, both groups had concerns that the PDA might lengthen consultation times (42 and 41%, respectively). The PDA is accessible on http://beslissamen.nl/. Conclusions: User-centered design provided valuable insights into PDA requirements but challenges in integrating diverse perspectives as clinicians focus on clinical outcomes while patients also consider quality of life. Nevertheless, it is crucial to involve a broad base of clinical users in order to better understand the decision-making process and to develop a PDA that is accurate, usable, and acceptable.
DOCUMENT
During the past two decades the implementation and adoption of information technology has rapidly increased. As a consequence the way businesses operate has changed dramatically. For example, the amount of data has grown exponentially. Companies are looking for ways to use this data to add value to their business. This has implications for the manner in which (financial) governance needs to be organized. The main purpose of this study is to obtain insight in the changing role of controllers in order to add value to the business by means of data analytics. To answer the research question a literature study was performed to establish a theoretical foundation concerning data analytics and its potential use. Second, nineteen interviews were conducted with controllers, data scientists and academics in the financial domain. Thirdly, a focus group with experts was organized in which additional data were gathered. Based on the literature study and the participants responses it is clear that the challenge of the data explosion consist of converting data into information, knowledge and meaningful insights to support decision-making processes. Performing data analyses enables the controller to support rational decision making to complement the intuitive decision making by (senior) management. In this way, the controller has the opportunity to be in the lead of the information provision within an organization. However, controllers need to have more advanced data science and statistic competences to be able to provide management with effective analysis. Specifically, we found that an important skill regarding statistics is the visualization and communication of statistical analysis. This is needed for controllers in order to grow in their role as business partner..
DOCUMENT
Objective: To construct the underlying value structure of shared decision making (SDM) models. Method: We included previously identified SDM models (n = 40) and 15 additional ones. Using a thematic analysis, we coded the data using Schwartz’s value theory to define values in SDM and to investigate value relations. Results: We identified and defined eight values and developed three themes based on their relations: shared control, a safe and supportive environment, and decisions tailored to patients. We constructed a value structure based on the value relations and themes: the interplay of healthcare professionals’ (HCPs) and patients’ skills [Achievement], support for a patient [Benevolence], and a good relationship between HCP and patient [Security] all facilitate patients’ autonomy [Self-Direction]. These values enable a more balanced relationship between HCP and patient and tailored decision making [Universalism]. Conclusion: SDM can be realized by an interplay of values. The values Benevolence and Security deserve more explicit attention, and may especially increase vulnerable patients’ Self-Direction. Practice implications: This value structure enables a comparison of values underlying SDM with those of specific populations, facilitating the incorporation of patients’ values into treatment decision making. It may also inform the development of SDM measures, interventions, education programs, and HCPs when practicing.
DOCUMENT
In this thesis several studies are presented that have targeted decision making about case management plans in probation. In a case management plan probation officers describe the goals and interventions that should help offenders stop reoffending, and the specific measures necessary to reduce acute risks of recidivism and harm. Such a plan is embedded in a judicial framework, a sanction or advice about the sanction in which these interventions and measures should be executed. The topic of this thesis is the use of structured decision support, and the question is if this can improve decision making about case management plans in probation and subsequently improve the effectiveness of offender supervision. In this chapter we first sketch why structured decision making was introduced in the Dutch probation services. Next we describe the instrument for risk and needs assessment as well as the procedure to develop case management plans that are used by the Dutch probation services and that are investigated in this thesis. Then we describe the setting of the studies and the research questions, and we conclude with an overview of this thesis.
DOCUMENT
From the article: Abstract Since decision management is becoming an integrated part of business process management, more and more decision management implementations are realized. Therefore, organizations search for guidance to design such solutions. Principles are often applied to guide the design of information systems in general. A particular area of interest when designing decision management solutions is compliance. In an earlier published study (Zoet & Smit, 2016) we took a general perspective on principles regarding the design of decision management solutions. In this paper, we re-address our earlier work, yet from a different perspective, the compliance perspective. Thus, we analyzed how the principles can be utilized in the design of compliant decision management solutions. Therefore, the purpose of this paper is to specify, classify, and validate compliance principles. To identify relevant compliance principles, we conducted a three round focus group and three round Delphi Study which led to the identification of eleven compliance principles. These eleven principles can be clustered into four categories: 1) surface structure principles, 2) deep structure principles, 3) organizational structure principles, and 4) physical structure principles. The identified compliance principles provide a framework to take into account when designing information systems, taking into account the risk management and compliance perspective.
DOCUMENT
Analyzing historical decision-related data can help support actual operational decision-making processes. Decision mining can be employed for such analysis. This paper proposes the Decision Discovery Framework (DDF) designed to develop, adapt, or select a decision discovery algorithm by outlining specific guidelines for input data usage, classifier handling, and decision model representation. This framework incorporates the use of Decision Model and Notation (DMN) for enhanced comprehensibility and normalization to simplify decision tables. The framework’s efficacy was tested by adapting the C4.5 algorithm to the DM45 algorithm. The proposed adaptations include (1) the utilization of a decision log, (2) ensure an unpruned decision tree, (3) the generation DMN, and (4) normalize decision table. Future research can focus on supporting on practitioners in modeling decisions, ensuring their decision-making is compliant, and suggesting improvements to the modeled decisions. Another future research direction is to explore the ability to process unstructured data as input for the discovery of decisions.
MULTIFILE
The value of a decision can be increased through analyzing the decision logic, and the outcomes. The more often a decision is taken, the more data becomes available about the results. More available data results into smarter decisions and increases the value the decision has for an organization. The research field addressing this problem is Decision mining. By conducting a literature study on the current state of Decision mining, we aim to discover the research gaps and where Decision mining can be improved upon. Our findings show that the concepts used in the Decision mining field and related fields are ambiguous and show overlap. Future research directions are discovered to increase the quality and maturity of Decision mining research. This could be achieved by focusing more on Decision mining research, a change is needed from a business process Decision mining approach to a decision focused approach.
DOCUMENT
People with dementia are confronted with many decisions. However, they are often not involved in the process of the decision-making. Shared Decision-Making (SDM) enables involvement of persons with dementia in the decision-making process. In our study, we develop a supportive IT application aiming to facilitate the decision-making process in care networks of people with dementia. A key feature in the development of this SDM tool is the participation of all network members during the design and development process, including the person with dementia. In this paper, we give insight into the first phases of this design and development process in which we conducted extensive user studies and translated wishes and needs of network members into user requirements
DOCUMENT
Proper decision-making is one of the most important capabilities of an organization. Therefore, it is important to have a clear understanding and overview of the decisions an organization makes. A means to understanding and modeling decisions is the Decision Model and Notation (DMN) standard published by the Object Management Group in 2015. In this standard, it is possible to design and specify how a decision should be taken. However, DMN lacks elements to specify the actors that fulfil different roles in the decision-making process as well as not taking into account the autonomy of machines. In this paper, we re-address and-present our earlier work [1] that focuses on the construction of a framework that takes into account different roles in the decision-making process, and also includes the extent of the autonomy when machines are involved in the decision-making processes. Yet, we extended our previous research with more detailed discussion of the related literature, running cases, and results, which provides a grounded basis from which further research on the governance of (semi) automated decision-making can be conducted. The contributions of this paper are twofold; 1) a framework that combines both autonomy and separation of concerns aspects for decision-making in practice while 2) the proposed theory forms a grounded argument to enrich the current DMN standard.
DOCUMENT
