A conceptual model for digital forensic readiness in security operation centres: a South African study
| dc.contributor.advisor | Kyobe, Michael | |
| dc.contributor.author | Nkwe, Boitumelo | |
| dc.date.accessioned | 2026-01-13T09:15:34Z | |
| dc.date.available | 2026-01-13T09:15:34Z | |
| dc.date.issued | 2025 | |
| dc.date.updated | 2026-01-13T07:55:17Z | |
| dc.description.abstract | The increase in the adoption of technology has resulted in the number of cyber-attacks and security breaches also rising. These cyber-attacks and breaches have become advanced and can go undetected for months. With the rise in cyber-attacks, the need for organizations to tighten cybersecurity measures and be ready to investigate the breaches speedily has become crucial. These measures include the adoption of Security Operations Centres (SOC) that integrate digital forensic capabilities with various cybersecurity tools. The reviewed literature shows that having a well-defined digital forensic readiness (DFR) strategy in place is important to ensure quick and efficient investigations that do not have a huge impact on the organization. In addition, conducting internal investigations helps an organization reduce costs. While there are proposed frameworks that aim to help an organization become forensically ready, none have a specific focus on a SOC. SOCs are complex, making conducting a digital forensic investigation challenging. The objective of this study was to develop a conceptual model for DFR that focused on SOCs in South Africa. To achieve this, the study first analysed existing DFR frameworks and drew key factors that were common in all frameworks. Management support, policies, processes and procedures, forensic technologies, legal frameworks, technical skills, and training were identified as the key factors that have a potential influence on the forensic readiness of a SOC. The study was conducted using a quantitative research approach and a survey questionnaire. Data were collected from professionals who work in organizations running a SOC in South Africa through a survey. The data were analysed using statistical methods and the results of the study indicate that the digital forensic readiness of a SOC is dependent on management support, organizational policies, processes and procedures, the integration of forensic and cybersecurity technologies, understanding various legal requirements, technical skills, and continuous training. All participants had at least one form of formal qualification and one industry-related certificate. The proposed DFR conceptual model examined various factors that SOCs can use to assess their forensic readiness. The findings also highlight the importance of having a holistic approach to forensic readiness which also includes continuous investment in both technology and technical skills to keep up with evolving technology. Furthermore, the findings can be used by SOCs to identify areas in their DFR plan they need to focus on to enhance their cyber-resilience. | |
| dc.identifier.apacitation | Nkwe, B. (2025). *A conceptual model for digital forensic readiness in security operation centres: a South African study*. University of Cape Town, Faculty of Commerce, Department of Information Systems. Retrieved from http://hdl.handle.net/11427/42557 | en_ZA |
| dc.identifier.chicagocitation | Nkwe, Boitumelo. *"A conceptual model for digital forensic readiness in security operation centres: a South African study."* University of Cape Town, Faculty of Commerce, Department of Information Systems, 2025. http://hdl.handle.net/11427/42557 | en_ZA |
| dc.identifier.citation | Nkwe, B. 2025. A conceptual model for digital forensic readiness in security operation centres: a South African study. University of Cape Town, Faculty of Commerce, Department of Information Systems. http://hdl.handle.net/11427/42557 | en_ZA |
| dc.identifier.uri | http://hdl.handle.net/11427/42557 | |
| dc.identifier.vancouvercitation | Nkwe B. A conceptual model for digital forensic readiness in security operation centres: a South African study. University of Cape Town, Faculty of Commerce, Department of Information Systems, 2025 [cited yyyy month dd]. Available from: http://hdl.handle.net/11427/42557 | en_ZA |
| dc.language.iso | en | |
| dc.language.rfc3066 | eng | |
| dc.publisher.department | Department of Information Systems | |
| dc.publisher.faculty | Faculty of Commerce | |
| dc.publisher.institution | University of Cape Town | |
| dc.subject | Security operations centre | |
| dc.subject | digital forensic readiness | |
| dc.subject | conceptual models | |
| dc.title | A conceptual model for digital forensic readiness in security operation centres: a South African study | |
| dc.type | Thesis / Dissertation | |
| dc.type.qualificationlevel | Masters | |
| dc.type.qualificationlevel | MCom | |