Cyber crisis management is a relatively new and under researched topic in scientific literature. Most research on cyber crises is focused on defining it and developing exercises. But to make sense...Show moreCyber crisis management is a relatively new and under researched topic in scientific literature. Most research on cyber crises is focused on defining it and developing exercises. But to make sense of a cyber crisis has not been thoroughly examined. The current study aims to explore how incident response (IR) and crisis response (CR) teams in governmental (GOV) and critical infrastructure (CI) organizations make sense of a cyber crisis, in the context of a Dutch national cyber exercise, “ISIDOOR IV”. Through a questionnaire, observers of participating teams were asked to indicate how these teams show behavior related to the Data/Frame theory (Klein, 2010) and on the questions they ask in relation to situational, identity-oriented, and action-oriented sensemaking (Kalkman, 2019). In interviews, experts were asked to indicate challenges in sensemaking and suggest how sensemaking in teams, organizations and between organizations can be improved. This study revealed that IR and CR teams within GOV and CI organizations utilize framing strategies derived from the Data/Frame theory, with a particular focus on Identifying a frame. Behavior on other steps in the framework appears less pronounced. Especially Questioning a frame seems to pose challenges. The study demonstrated that IR and CR teams in GOV and CI organizations ask sensemaking questions. Particularly noteworthy are the high scores observed in Information sharing. And finally, the questionnaire and interviews provided insight into what the challenges to sensemaking in cyber crises are, and what can be improved on team, organizational and inter-organizational level when it comes to sensemaking.Show less
When discussing the concepts of crime and cybercrime, their victims are important key players to understand why these criminal acts takes place. More importantly, with these players taken into...Show moreWhen discussing the concepts of crime and cybercrime, their victims are important key players to understand why these criminal acts takes place. More importantly, with these players taken into account, it is not only possible to understand this concept but also to predict and prevent the crimes that take place. In this thesis, the research focuses on individual victims of cybercrime in the Netherlands and their behavioural characteristics. The aim of this research is to study which behavioural risk factors have a predictive value for victimization, both in the offline as the online world. To answer this question, I designed a digital survey to compare two types of crime; one in the offline world and one in the online world. These two criminal acts have in common that they are comparable with each other, with the only difference that they take place in different worlds. The chosen criminal acts are doorstep scams in the offline world, and phishing in the online world. A scientific literature review, the data collected from the digital questionnaire and the subsequent analysis will answer the sub-questions of this research. It seemed that certain risk factors like socio-economic status, online activities, optimism bias, loneliness, capable guardianship and offline victimization had a significant correlation with victimization. For the factors optimism bias, capable guardianship and loneliness, these results had even a predictive value. Although there is quite an amount of scientific research available on risk factors and victimization, this research shows that there is still not enough knowledge about the behaviour of victims. This is because the studied risk factors have little to do with the actual behaviour of potential victims. Researchers must take a step back to study which existing theories should be better investigated for the existence of other, potential risk factors. With a descent description and formulation of the new risk factors, it would be easier in the future to reduce online and offline victimization based on these risk factors.Show less
