Jelle Groenendaal, & Ira Helsloot. (2021). Why Technology Not Always Adds Value to Crisis Managers During Crisis: The Case of The Dutch Nation-Wide Crisis Management System LCMS. In Anouck Adrot, Rob Grace, Kathleen Moore, & Christopher W. Zobel (Eds.), ISCRAM 2021 Conference Proceedings – 18th International Conference on Information Systems for Crisis Response and Management (pp. 936–945). Blacksburg, VA (USA): Virginia Tech.
Abstract: Technology undeniably plays an important role in supporting crisis managers to respond to crisis. However, when improperly designed or used, technology can be ineffective or even be detrimental to the crisis response. Therefore, in this paper we bring together insights from the scientific literature and identify 5 principles for the design and use of technology to aid crisis managers effectively. These principles might seem trivial but there are several examples of technology used in practice that show the opposite. To illustrate this, we use as a case study the Dutch nation-wide crisis management system LCMS which is used in the Netherlands by all safety regions and other public organizations to maintain and share a common operational picture supporting large-scale crisis management collaboration. We explain why crisis evaluations and research time and again show that LCMS has failed to add value for crisis managers during crisis by using the identified principles.
|
Jelle Groenendaal, Ira Helsloot, & Christian Reuter. (2022). Towards More Insight into Cyber Incident Response Decision Making and its Implications for Cyber Crisis Management. In Rob Grace, & Hossein Baharmand (Eds.), ISCRAM 2022 Conference Proceedings – 19th International Conference on Information Systems for Crisis Response and Management (pp. 1025–1036). Tarbes, France.
Abstract: Organizations affected by a cyber-attack usually rely on external Cyber Incident Response (CIR) consultants to conduct investigations and mitigate the impact. These CIR consultants need to make critical decisions that could have major impact on their clients. This preliminary investigation aims to get a better understanding of CIR decision -making and answers the following questions: (1.) To what extent do experienced CIR consultants use a Recognition-Primed Decision (RPD) Making strategy during their work? (2.) What are the implications for cyber crisis management as well as for training and decision -making? To answer these questions, we conducted a literature review and interviewed six experienced CIR consultants using the Critical Decision Method. Our analysis reveals that CIR consultants recognize situations based on past experiences and apply a course of action that has worked effectively in the past. This course of action is mainly aimed at collecting and evaluating more data. This finding differs from other operational domains, such as the military and fire department, where recognition is usually followed immediately by action. For cyber crisis management, this means that crisis management teams should decide to what extent and in what ways they want to mitigate the risk of responding belatedly to cyber events, which could potentially lead to unnecessary data theft and sustained business disruption. Another implication is that crisis management teams should consider whether additional forensic investigations outweigh the expected benefits throughout the response process. For instance, if the likely entry-point of the attacker has been discovered, how much effort should be devoted to exclude other potential entry-points. Reflecting on the status-quo, several implications for training and decision making are provided.
|