In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
Dutch National Sports Organizations (NSFs) is currently experiencing financial pressures. Two indications for this are described in this paper i.e. increased competition in the sports sector and changes in subsidy division. Decreasing incomes from subsidies can be compensated with either increasing incomes from a commercial domain or increasing incomes from member contributions. This latter solution is gaining interest as a solution for the uncertainties. Many NSFs have therefore participated in a special marketing program in order to enlarge their marketing awareness and create a marketing strategy, in order to (re)win market share on the sports participation market and gain a more stable financial situation. This paper introduces my research related to the introduction of marketing techniques within NSFs and the change-over to become market oriented. An overview of existing literature about creating marketing strategies, their implementation, and market orientation is given. This outline makes obvious that the existing literature is not sufficient for studying the implementation of marketing techniques and market orientation within NSFs. Therefore, it shows the scientific relevance of my research. The paper concludes with the chosen research methodology.
In service design projects, collaboration between design consultant and service provider can be problematic. The nature of these projects requires a high level of shared understanding and commitment, which providers may not be used to. We studied designer-provider collaboration in multiple real-life cases, in order to uncover determinants for successful collaboration. The case studies involved six service innovation projects, performed by Dutch design agencies. Independent researchers closely monitored the projects. Additional interviews with designers and providers gave insights in how both parties experienced their collaboration in the innovation projects. During data analysis, a coding scheme was created inductively. The scheme supported us in formulating 12 themes for designer-provider collaboration, amongst them four contextual determinants of shared understanding and stakeholder commitment in SD-projects. The insights from this study were then grounded in literature. Knowledge gaps were identified on themes about agreements of responsibilities, the open-endedness of an SD-process, an opportunitysearching approach, and organizational change that is required for the successful implementation of innovative service concepts.
