
A conceptual model for digital forensic readiness in security operation centres: a South African study

The increase in the adoption of technology has resulted in the number of cyber-attacks and security breaches also rising. These cyber-attacks and breaches have become advanced and can go undetected for months. With the rise in cyber-attacks, the need for organizations to tighten cybersecurity measur...

Bibliographic Details
Main Author: Nkwe, Boitumelo
Other Authors: Kyobe, Michael
Format: Thesis
Language: English
Published: Department of Information Systems 2026
Subjects:
_version_ 1867613247855656960
access_status_str Open Access
author Nkwe, Boitumelo
author2 Kyobe, Michael
author_browse Kyobe, Michael
Nkwe, Boitumelo
author_facet Kyobe, Michael
Nkwe, Boitumelo
author_sort Nkwe, Boitumelo
collection Thesis
description The increase in the adoption of technology has resulted in the number of cyber-attacks and security breaches also rising. These cyber-attacks and breaches have become advanced and can go undetected for months. With the rise in cyber-attacks, the need for organizations to tighten cybersecurity measures and be ready to investigate the breaches speedily has become crucial. These measures include the adoption of Security Operations Centres (SOC) that integrate digital forensic capabilities with various cybersecurity tools. The reviewed literature shows that having a well-defined digital forensic readiness (DFR) strategy in place is important to ensure quick and efficient investigations that do not have a huge impact on the organization. In addition, conducting internal investigations helps an organization reduce costs. While there are proposed frameworks that aim to help an organization become forensically ready, none have a specific focus on a SOC. SOCs are complex, making conducting a digital forensic investigation challenging. The objective of this study was to develop a conceptual model for DFR that focused on SOCs in South Africa. To achieve this, the study first analysed existing DFR frameworks and drew key factors that were common in all frameworks. Management support, policies, processes and procedures, forensic technologies, legal frameworks, technical skills, and training were identified as the key factors that have a potential influence on the forensic readiness of a SOC. The study was conducted using a quantitative research approach and a survey questionnaire. Data were collected from professionals who work in organizations running a SOC in South Africa through a survey. 
The data were analysed using statistical methods and the results of the study indicate that the digital forensic readiness of a SOC is dependent on management support, organizational policies, processes and procedures, the integration of forensic and cybersecurity technologies, understanding various legal requirements, technical skills, and continuous training. All participants had at least one form of formal qualification and one industry-related certificate. The proposed DFR conceptual model examined various factors that SOCs can use to assess their forensic readiness. The findings also highlight the importance of having a holistic approach to forensic readiness, which also includes continuous investment in both technology and technical skills to keep up with evolving technology. Furthermore, the findings can be used by SOCs to identify areas in their DFR plan they need to focus on to enhance their cyber-resilience.
format Thesis
id oai:open.uct.ac.za:11427/42557
institution University of Cape Town (South Africa)
language English
eng
last_indexed 2026-06-10T12:33:07.122Z
license_str Not specified — see source repository
provenance_str_mv Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository
publishDate 2026
publishDateRange 2026
publishDateSort 2026
publisher Department of Information Systems
publisherStr Department of Information Systems
record_format dspace
source_str UCTD — University of Cape Town Open Access Repository
spelling oai:open.uct.ac.za:11427/42557 A conceptual model for digital forensic readiness in security operation centres: a South African study Nkwe, Boitumelo Kyobe, Michael Security operations centre digital forensic readiness conceptual models 2026-01-13T09:15:34Z 2026-01-13T09:15:34Z 2025 2026-01-13T07:55:17Z Thesis / Dissertation Masters MCom http://hdl.handle.net/11427/42557 en eng application/pdf Department of Information Systems Faculty of Commerce University of Cape Town
spellingShingle Security operations centre
digital forensic readiness
conceptual models
Nkwe, Boitumelo
A conceptual model for digital forensic readiness in security operation centres: a South African study
thesis_degree_str Master's
title A conceptual model for digital forensic readiness in security operation centres: a South African study
title_sort conceptual model for digital forensic readiness in security operation centres a south african study
topic Security operations centre
digital forensic readiness
conceptual models
url http://hdl.handle.net/11427/42557