In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
DOCUMENT
Limited evidence is available about (non)-representativeness of participants in health-promoting interventions. The Dutch Healthy Primary School of the Future (HPSF)-study is a school-based study aiming to improve health through altering physical activity and dietary behaviour, that started in 2015 (registered in ClinicalTrials.gov on14-06-2016, NCT02800616). The study has a response rate of 60%. A comprehensive non-responder analysis was carried out, and responders were compared with schoolchildren from the region and the Netherlands using a cross-sectional design. External sources were consulted to collect non-responder, regional, and national data regarding relevant characteristics including sex, demographics, health, and lifestyle. The Chi-square test, Mann-Whitney U test, or Student's t-test were used to analyse differences.
DOCUMENT
Challenges that surveys are facing are increasing data collection costs and declining budgets. During the past years, many surveys at Statistics Netherlands were redesigned to reduce costs and to increase or maintain response rates. From 2018 onwards, adaptive survey design has been applied in several social surveys to produce more accurate statistics within the same budget. In previous years, research has been done into the effect on quality and costs of reducing the use of interviewers in mixed-mode surveys starting with internet observation, followed by telephone or face-to-face observation of internet nonrespondents. Reducing follow-ups can be done in different ways. By using stratified selection of people eligible for follow-up, nonresponse bias may be reduced. The main decisions to be made are how to divide the population into strata and how to compute the allocation probabilities for face-to-face and telephone observation in the different strata. Currently, adaptive survey design is an option in redesigns of social surveys at Statistics Netherlands. In 2018 it has been implemented in the Health Survey and the Public Opinion Survey, in 2019 in the Life Style Monitor and the Leisure Omnibus, in 2021 in the Labour Force Survey, and in 2022 it is planned for the Social Coherence Survey. This paper elaborates on the development of the adaptive survey design for the Labour Force Survey. Attention is paid to the survey design, in particular the sampling design, the data collection constraints, the choice of the strata for the adaptive design, the calculation of follow-up fractions by mode of observation and stratum, the practical implementation of the adaptive design, and the six-month parallel design with corresponding response results.
DOCUMENT
