Structured Field Coding and its Applications to National Risk and Cybersecurity Assessments

Dutton, William H.; Shillair, Ruth; Axon, Louise; Weisser, Carolin

doi:10.60097/ACIG/162857

Artykuł - szczegóły

Tytuł artykułu

Structured Field Coding and its Applications to National Risk and Cybersecurity Assessments

Autorzy

Dutton William H. , Shillair Ruth , Axon Louise , Weisser Carolin

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.60097/ACIG/162857

Warianty tytułu

Języki publikacji

Abstrakty

Data on cybersecurity capacity building efforts is critical to improving cybersecurity at national levels. Policy should be informed not only by measures that allow internal assessment of strengths and weaknesses that enable cross-national comparisons. The International Telecommunications Union (ITU) and its Global Cybersecurity Index (GCI) has used a standardized survey that has been adapted and used in multiple national assessments by the Global Cyber Security Capacity Centre. This adaptation includes an addition of open field coding assessments that rely heavily on trained experts and interactions with national focus groups. These assessments are checked using multiple coders to increase reliability and reduce bias. This process of ‘structured field coding’ (SFC) is an approach to collecting and coding observations based on multiple methods, quantitative as well as qualitative. This approach differs from open field coding in providing a set structure for coding observations from the field based on established frameworks for assessment. The SFC process is explained along with a discussion of the origin and the advantages and limitations of this methodological approach. It can be used in a variety of studies but is presented here as a means to integrate data for cross-national comparative analyses. Its application to improving the reliability and validity of data collection across a region, such as the EU, would help stakeholders evaluate where they should invest resources to improve their cybersecurity capacity.

Słowa kluczowe

cybersecurity security research National Risk Assessment

cyberbezpieczeństwo badania nad bezpieczeństwem ocena ryzyka krajowego

Wydawca

NASK – National Research Institute

Czasopismo

Applied Cybersecurity & Internet Governance

Rocznik

2023

Tom

Vol. 2, No. 1

Strony

1--26

Opis fizyczny

Bibliogr. 26 poz., rys.

Twórcy

autor

Dutton William H.

Oxford Martin School, Oxford University, UK

https://orcid.org/0000-0002-0141-6804

autor

Shillair Ruth

shillai7@msu.edu

Department of Media & Information Studies, Michigan State University, USA

https://orcid.org/0000-0003-0341-9096

autor

Axon Louise

Department of Computer Science, Oxford University, UK

https://orcid.org/0000-0001-5979-7630

autor

Weisser Carolin

Harris Global Cyber Security Capacity Centre, Oxford University, UK

Bibliografia

1. S. Creese, W. H. Dutton, P. Esteve-González, R. Shillair, “Cybersecurity capacity-building: cross-national benefits and international divides, Journal of Cyber Policy, vol. 6, no. 2, pp. 214–235, 2021, doi: 10.1080/23738871.2021.1979617.
2. W. H. Dutton, S. Creese, R. Shillair, M. Bada, “Cybersecurity Capacity: Does It Matter?, ” Journal of Information Policy, vol. 9, pp. 280–306, 2019, doi: 10.5325/jinfopoli.9.2019.0280.
3. R. Shillair, P. Esteve-González, W. H. Dutton, S. Creese, E. Nagyfejeo, B. von Solms,“Cybersecurity education, awareness raising, and training initiatives: National level evidence-based results, challenges, and promise,” Computers & Security, vol. 119,p. 102756, 2022, doi: 10.1016/j.cose.2022.102756.
4. R. Collett, “Understanding cybersecurity capacity building and its relationship to norms and confidence building measures,” Journal of Cyber Policy, vol. 6, no.3, pp. 298–317, 2021, doi: 10.1080/23738871.2021.1948582.
5. M. Górka, “The Cybersecurity Strategy of the Visegrad Group Countries, ”Politics in Central Europe, vol. 14, no. 2, pp. 75–98, 2018, doi: 10.2478/pce-2018-0010.
6. ITU, “Global Cybersecurity Index.” 2018. [Online]. Available: https://www.itu.int/dms_pub/it... [Accessed: Aug. 8, 2023].
7. EGA 20, “The National Cyber Security Index Ranks 150+ Countries’ Cyber Security Status.” [Online]. Available: https://ega.ee/news/national-c... [Accessed: Nov. 11, 2023].
8. NCSI, “National Cyber Security Index Methodology 3.0,” 2023. [Online]. Available:https://ega.ee/wp-content/uplo... [Accessed:Aug. 9, 2023].
9. L. Muller, “Cyber Security Capacity Building in Developing Countries: Challenges and Opportunities,” Norwegian Institute of International Affairs, Oslo, Norway, 3, 2015. [Online]. Available: https://cybilportal.org/wp-con... [Accessed: Nov. 13, 2023].
10. S. Creese, W. H. Dutton, P. Esteve-González, “The social and cultural shaping of cybersecurity capacity building: a comparative study of nations and regions, ”Personal and Ubiquitous Computing, vol. 25, pp. 941–955, 2021, doi: 10.1007/s00779-021-01569-6.
11. Z. Homburger, “The Necessity and Pitfall of Cybersecurity Capacity Building for Norm Development in Cyberspace,” Global Society, vol. 33, no. 2, pp. 224–242,2019, doi: 10.1080/13600826.2019.1569502.
12. S. Almuhammadi, M. Alsaleh, “Information Security Maturity Model for Nist Cyber Security Framework,” Computer Science & Information Technology (CS & IT),Academy & Industry Research Collaboration Center (AIRCC), 2017, pp. 51–62, doi:10.5121/csit.2017.70305.
13. Global Cyber Security Capacity Centre, “Cybersecurity Capacity Maturity Model for Nations (CMM),” 2021. [Online]. Available: https://gcscc.ox.ac.uk/the-cmm...: April 11, 2023].
14. Freedom House, “Freedom in the World 2023,” 2023. [Online]. Available: https://freedomhouse.org/repor... [Accessed: Nov. 13, 2023].
15. D. Kaufmann, A. Kraay, M. Mastruzzi, “The Worldwide Governance Indicators: Methodology and Analytical Issues,” Hague Journal of the Rule of Law, vol. 3, no.2, pp. 220–246, 2011, doi: 10.1017/S1876404511200046.
16. J. Voo, I. Hemani, D. Cassidy, National Cyber Power Index 2022. Cambridge, MA: Belfer Center for Science and International Affairs, Harvard Kennedy School, 2022.
17. A. de Tocqueville, Democracy in America. Washington, D.C.: Regnery Publishing,2003.
18. G. A. Almond and S. Verba, The Civic Culture: Political Attitudes and Democracy in Five Nations. Princeton, NJ: Princeton University Press, 2015.
19. OECD, “Recommendations of the Council on Digital Security Risk Management, ”Paris, 2022. [Online]. Available: https://legalinstruments.oecd.... [Accessed: Apr. 12, 2023].
20. National Cyber Security Centre, “NCSC CAF Guidance Principles and RelatedGuidelines,” 2019. [Online]. Available: https://www.ncsc.gov.uk/collec... [Accessed: Apr. 12, 2023].
21. NIST, “Framework for Improving Critical Infrastructure Cybersecurity,” National Institute of Standards and Technology, pp. 1–41, 2014, doi: 10.6028/NIST.CSWP.04162018.
22. K. L. Kraemer, W. H. Dutton, A. Northrop, The Management of Information Systems, New York: Columbia University Press, 1981, doi: 10.7312/krae93774.
23. K. L. Kraemer, J. N. Danziger, W. H. Dutton, A. M. Mood, and R. Kling, “A future cities survey research design for policy analysis,” Socio-Economic Planning Science, vol. 10, no. 5, pp. 199–211, 1976, doi: 10.1016/0038-0121(76)90029-X.
24. J. N. Danziger, W.H. Dutton, R. Kling, K. L. Kraemer, Computers and politics. High technology in American local governments. New York: Columbia University Press, 1982.
25. A. Ryan, On Tocqueville: Democracy and America. New York: W. W. Norton &Company, 2014.
26. J. Corbin and A. Strauss, “Grounded Theory Research : Procedures , Canons and Evaluative Criteria,” Zeitschrift Für Soziologie., vol. 19, no. 6, pp. 418–427, 1990,doi: 10.1515/zfsoz-1990-0602.

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2024).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-b34cd6a6-95e3-486c-b323-21bca5148bcf