Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to which extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response. https://doi.org/10.3389/fpsyg.2017.02179 LinkedIn: https://www.linkedin.com/in/rickvanderkleij1/
MULTIFILE
In case of a major cyber incident, organizations usually rely on external providers of Cyber Incident Response (CIR) services. CIR consultants operate in a dynamic and constantly changing environment in which they must actively engage in information management and problem solving while adapting to complex circumstances. In this challenging environment CIR consultants need to make critical decisions about what to advise clients that are impacted by a major cyber incident. Despite its relevance, CIR decision making is an understudied topic. The objective of this preliminary investigation is therefore to understand what decision-making strategies experienced CIR consultants use during challenging incidents and to offer suggestions for training and decision-aiding. A general understanding of operational decision making under pressure, uncertainty, and high stakes was established by reviewing the body of knowledge known as Naturalistic Decision Making (NDM). The general conclusion of NDM research is that experts usually make adequate decisions based on (fast) recognition of the situation and applying the most obvious (default) response pattern that has worked in similar situations in the past. In exceptional situations, however, this way of recognition-primed decision-making results in suboptimal decisions as experts are likely to miss conflicting cues once the situation is quickly recognized under pressure. Understanding the default response pattern and the rare occasions in which this response pattern could be ineffective is therefore key for improving and aiding cyber incident response decision making. Therefore, we interviewed six experienced CIR consultants and used the critical decision method (CDM) to learn how they made decisions under challenging conditions. The main conclusion is that the default response pattern for CIR consultants during cyber breaches is to reduce uncertainty as much as possible by gathering and investigating data and thus delay decision making about eradication until the investigation is completed. According to the respondents, this strategy usually works well and provides the most assurance that the threat actor can be completely removed from the network. However, the majority of respondents could recall at least one case in which this strategy (in hindsight) resulted in unnecessary theft of data or damage. Interestingly, this finding is strikingly different from other operational decision-making domains such as the military, police and fire service in which there is a general tendency to act rapidly instead of searching for more information. The main advice is that training and decision aiding of (novice) cyber incident responders should be aimed at the following: (a) make cyber incident responders aware of how recognition-primed decision making works; (b) discuss the default response strategy that typically works well in several scenarios; (c) explain the exception and how the exception can be recognized; (d) provide alternative response strategies that work better in exceptional situations.
DOCUMENT
Cybersecurity threat and incident managers in large organizations, especially in the financial sector, are confronted more and more with an increase in volume and complexity of threats and incidents. At the same time, these managers have to deal with many internal processes and criteria, in addition to requirements from external parties, such as regulators that pose an additional challenge to handling threats and incidents. Little research has been carried out to understand to what extent decision support can aid these professionals in managing threats and incidents. The purpose of this research was to develop decision support for cybersecurity threat and incident managers in the financial sector. To this end, we carried out a cognitive task analysis and the first two phases of a cognitive work analysis, based on two rounds of in-depth interviews with ten professionals from three financial institutions. Our results show that decision support should address the problem of balancing the bigger picture with details. That is, being able to simultaneously keep the broader operational context in mind as well as adequately investigating, containing and remediating a cyberattack. In close consultation with the three financial institutions involved, we developed a critical-thinking memory aid that follows typical incident response process steps, but adds big picture elements and critical thinking steps. This should make cybersecurity threat and incident managers more aware of the broader operational implications of threats and incidents while keeping a critical mindset. Although a summative evaluation was beyond the scope of the present research, we conducted iterative formative evaluations of the memory aid that show its potential.
DOCUMENT
In order to find out whether victims adequately recover from cybercrime incidents, it is important to gain insight into its effects and impact on users. However, as it stands now, there is not much literature on the impact of cybercrime. We address this gap by qualitatively examining the impact of two types of cybercrime, namely phishing and malware attacks targeting online banking customers. We used the coping approach as a framework to study how victims deal with the negative events they have experienced. In order to study the impact of cybercrime and how victims cope with it, 30 cybercrime victims were interviewed. We observed that, next to financial damage, victims described different forms of psychological and emotional effects. Victims also reported various kinds of secondary impacts, such as time loss and not being treated properly when handling the incident. In addition, the interview data provided insight into cognitive and behavioral change, which potentially offers opportunities for cybercrime prevention. Our study demonstrates that the level of impact varies among cybercrime victims, ranging from little or no impact to severe impact. In addition, while some victims were only affected for a few days, some were still feeling the effects. The effects and impact of these fraudulent schemes on victims should therefore not be underestimated. We conclude that the coping approach provides a useful framework to study the effects and impact of cybercrime victimization and how victims recover from it. The results of our study provide a steppingstone for future studies on this topic. https://www.linkedin.com/in/rutgerleukfeldt/
DOCUMENT
from the repository of Utrecht University: "PURPOSE: Previously, a high prevalence of certain psychiatric disorders was shown among non-Western immigrants. This study explores whether this results in more prescriptions for psychotropic medication. METHODS: Data on dispensing of medication among adults living in the four largest Dutch cities in 2013 were linked to demographic data from Statistics Netherlands. Incident (i.e., following no dispensing in 2010-2012) and prevalent dispensing among immigrants was compared to that among native Dutch (N = 1,043,732) and analyzed using multivariable Poisson and logistic regression. RESULTS: High adjusted Odds Ratios (ORadj) of prevalent and high Incidence Rate Ratios (IRRadj) of incident dispensing of antipsychotics were found among Moroccan (N = 115,455) and Turkish individuals (N = 105,460), especially among young Moroccan males (ORadj = 3.22 [2.99-3.47]). Among Surinamese (N = 147,123) and Antillean individuals (N = 41,430), slightly higher rates of dispensed antipsychotics were found and the estimates decreased after adjustment. The estimates for antipsychotic dispensing among the Moroccan and Turkish increased, following adjustment for household composition. Rates for antidepressant dispensing among Turkish and Moroccan subjects were high (Moroccans: ORadj = 1.74 [1.70-1.78]). Among Surinamese and Antillean subjects, the rates for antidepressant dispensing were low and the ORadjlagged behind the IRRadj(Surinamese: 0.69 [0.67-0.71] vs. 1.06 [1.00-1.13]). Similar results were found for anxiolytics. For ADHD medication, lower dispensing rates were found among all migrant groups. CONCLUSIONS: The findings agree with earlier reports of more mental health problems among Moroccan and Turkish individuals. Surinamese/Antillean individuals did not use psychotropic drugs at excess and discontinued antidepressants and anxiolytics earlier. The data strongly suggest under-treatment for ADHD in all ethnic minority groups."
LINK
This article draws on findings of an international study of social workers’ ethical challenges during COVID-19, based on 607 responses to a qualitative survey. Ethical challenges included the following: maintaining trust, privacy, dignity and service user autonomy in remote relationships; allocating limited resources; balancing rights and needs of different parties; deciding whether to break or bend policies in the interests of service users; and handling emotions and ensuring care of self and colleagues. The article considers regional contrasts, the ‘ethical logistics’ of complex decision-making, the impact of societal inequities, and lessons for social workers and professional practice around the globe.
DOCUMENT
BACKGROUND: Recent evidence suggests that an increase in baccalaureate-educated registered nurses (BRNs) leads to better quality of care in hospitals. For geriatric long-term care facilities such as nursing homes, this relationship is less clear. Most studies assessing the relationship between nurse staffing and quality of care in long-term care facilities are US-based, and only a few have focused on the unique contribution of registered nurses. In this study, we focus on BRNs, as they are expected to serve as role models and change agents, while little is known about their unique contribution to quality of care in long-term care facilities. METHODS: We conducted a cross-sectional study among 282 wards and 6,145 residents from 95 Dutch long-term care facilities. The relationship between the presence of BRNs in wards and quality of care was assessed, controlling for background characteristics, i.e. ward size, and residents' age, gender, length of stay, comorbidities, and care dependency status. Multilevel logistic regression analyses, using a generalized estimating equation approach, were performed. RESULTS: 57% of the wards employed BRNs. In these wards, the BRNs delivered on average 4.8 min of care per resident per day. Among residents living in somatic wards that employed BRNs, the probability of experiencing a fall (odds ratio 1.44; 95% CI 1.06-1.96) and receiving antipsychotic drugs (odds ratio 2.15; 95% CI 1.66-2.78) was higher, whereas the probability of having an indwelling urinary catheter was lower (odds ratio 0.70; 95% CI 0.53-0.91). Among residents living in psychogeriatric wards that employed BRNs, the probability of experiencing a medication incident was lower (odds ratio 0.68; 95% CI 0.49-0.95). For residents from both ward types, the probability of suffering from nosocomial pressure ulcers did not significantly differ for residents in wards employing BRNs. CONCLUSIONS: In wards that employed BRNs, their mean amount of time spent per resident was low, while quality of care on most wards was acceptable. No consistent evidence was found for a relationship between the presence of BRNs in wards and quality of care outcomes, controlling for background characteristics. Future studies should consider the mediating and moderating role of staffing-related work processes and ward environment characteristics on quality of care.
DOCUMENT
This report summarises the findings of an international study of the ethical challenges faced by social workers during the Covid-19 pandemic, undertaken during 6th-18th May 2020. 607 responses from 54 countries were received via an online survey, additional interviews and local surveys. Six key themes relating to social workers’ ethical challenges and responses were identified: 1. Creating and maintaining trusting, honest and empathic relationships via phone or internet with due regard to privacy and confidentiality, or in person with protective equipment. 2. Prioritising service user needs and demands, which are greater and different due to the pandemic, when resources are stretched or unavailable and full assessments often impossible. 3. Balancing service user rights, needs and risks against personal risk to social workers and others, in order to provide services as well as possible. 4. Deciding whether to follow national and organisational policies, procedures or guidance (existing or new) or to use professional discretion in circumstances where the policies seem inappropriate, confused or lacking. 5. Acknowledging and handling emotions, fatigue and the need for selfcare, when working in unsafe and stressful circumstances. 6. Using the lessons learned from working during the pandemic to rethink social work in the future.
LINK
Wat hebben maatschappelijk werkers, leraren in het middelbaar onderwijs, ondernemers in een grootstedelijke winkelstraat, schoonmakers in een verzorgingstehuis en hbo studenten in de Randstad met elkaar gemeen? Dat ze werken en leren in een omgeving waar 'autochtone' Nederlanders niet meer vanzelfsprekend in de meerderheid zijn. Integratie is hier een zaak van een samenleving van minderheden geworden. (Hoe) lukt het mensen om in zo'n 'superdiverse' omgeving relaties aan te gaan over de grenzen van hun 'eigen' groep heen: op welke terreinen vinden ze elkaar, en wanneer stokt de communicatie? En welke rol spelen verschillen in cultuur hier eigenlijk bij? Dit boek bevat het verslag van een aantal casestudies naar alledaagse omgangsvormen in de grootstedelijke samenleving, verricht door onderzoekers verbonden aan het lectoraat Burgerschap en Diversiteit van De Haagse Hogeschool.
DOCUMENT
The growing sophistication, frequency and severity of cyberattacks targeting all sectors highlight their inevitability and the impossibility of completely protecting the integrity of critical computer systems. In this context, cyber-resilience offers an attractive alternative to the existing cybersecurity paradigm. We define cyber-resilience as the capacity to withstand, recover from and adapt to the external shocks caused by cyber-risks. This article seeks to provide a broader organizational understanding of cyber-resilience and the tensions associated with its implementation. We apply Weick's (1995) sensemaking framework to examine four foundational tensions of cyber-resilience: a definitional tension, an environmental tension, an internal tension, and a regulatory tension. We then document how these tensions are embedded in cyber-resilience practices at the preparatory, response and adaptive stages. We rely on qualitative data from a sample of 58 cybersecurity professionals to uncover these tensions and how they reverberate across cyber-resilience practices.
DOCUMENT
