Structured Field Coding and its Applications to National Risk and Cybersecurity Assessments

Data on cybersecurity capacity building efforts is critical to improving cybersecurity at national levels. Policy should be informed not only by measures that allow internal assessment of strengths and weaknesses that enable cross-national comparisons. The International Telecommunications Union (ITU) and its Global Cybersecurity Index (GCI) has used a standardized survey that has been adapted and used in multiple national assessments by the Global Cyber Security Capacity Centre. This adaptation includes an addition of open field coding assessments that rely heavily on trained experts and interactions with national focus groups. These assessments are checked using multiple coders to increase reliability and reduce bias. This process of ‘structured field coding’ (SFC) is an approach to collecting and coding observations based on multiple methods, quantitative as well as qualitative. This approach differs from open field coding in providing a set structure for coding observations from the field based on established frameworks for assessment. The SFC process is explained along with a discussion of the origin and the advantages and limitations of this methodological approach. It can be used in a variety of studies but is presented here as a means to integrate data for cross-national comparative analyses. Its application to improving the reliability and validity of data collection across a region, such as the EU, would help stakeholders evaluate where they should invest resources to improve their cybersecurity capacity.