Towards Digital Forensic Readiness: A Framework for Financial Service Providers

Georgina Odhiambo; Richard Omollo; Paul Abuonji

doi:10.37284/eajit.7.1.1897

Georgina Odhiambo Jaramogi Oginga Odinga University of Science and Technology
Richard Omollo Jaramogi Oginga Odinga University of Science and Technology
Paul Abuonji Jaramogi Oginga Odinga University of Science and Technology

DOI: https://doi.org/10.37284/eajit.7.1.1897

Keywords: Cybercrime, Cybersecurity, Digital Forensic Readiness, Financial Service Providers, Information Security

Share Article:

Abstract

Digital Forensic Readiness has widely been referred to as an organization’s ability to proactively capture digital evidence and as a result, incur minimum costs of investigation in the event of incidents. However, several organizations still underestimate the usefulness of setting up their environments to be forensically ready until an incident occurs, and this often results in huge losses and costly investigations. Global trends show that financial institutions are amongst the worst-hit companies by cybercriminals, and this is attributed to one of the key motivations for cybercrime, which is financial gain. Kenya’s cybercrime statistics over the past five years also show that financial services remain amongst the top hit sectors by cybercriminals. The aim of this study was to develop a Digital Forensic Readiness framework for Financial Services Providers. To achieve this, the study assessed the relevant existing frameworks to explore their strengths and gaps. Additionally, the study explored the current state of forensic readiness in Kenyan financial institutions by reviewing secondary data and analysing primary data collected from respondents in the financial services sector. The study adopted a descriptive research design with the main data collection tool being questionnaires, which were administered to respondents through an online survey. The collected data was analysed using the SPSS software 28.0.1 and a multiple regression analysis was performed to determine the influence of organizational factors, legal factors, technology, and policies on Digital Forensic Readiness. The outcome of the analysis indicated that these factors indeed had a significant effect on forensic readiness, with organizational factors and policies having more impact on the framework. The study recommended that organizations not only focus on complying with laws and implementing technological controls, but also prioritize improving forensic readiness awareness and culture, supporting forensic readiness activities, setting up training, and enforcing policies to ensure personnel compliance

Downloads

Download data is not yet available.

References

Alenezi, A., Hussein, R. K., Walters, R. J., & Wills, G. B. (2017). A framework for cloud forensic readiness in organizations. 2017 5th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (pp. 199--204). IEEE.

Amfi. (2021). The Association for Microfinance Institutions (Amfi) Kenya. Retrieved December 6, 2021, from https://amfikenya.com/membership- categories/#1595870114414-c9c0a307-77d0

Balloun, J. L., Barrett, H., & Weinstein, A. (2011). One is not enough: The need for multiple respondents in survey research of organizations. Journal of Modern Applied Statistical Methods, 26.

CBK. (2023). Directory of Authorized Payment Service Providers (PSPs). Retrieved February 15, 2023, from Central Bank of Kenya: https://www.centralbank.go.ke/wp-content/uploads/2023/02/Directory-of-Authorized-Payment-Service-Providers-February-2023.pdf

Elyas, M., Ahmad, A., Maynard, S. B., & Lonie, A. (2015). Digital forensic readiness: Expert perspectives on a theoretical framework. Computers & Security, 70-89.

Emami, M. S. (2016). Importance of Hardware Systems and Circuits in Secure Software Development Life Cycle. International Journal of Computer and Systems Engineering, 1608-1611.

Endicott-Popovsky, B., Frincke, D. A., & Taylor, C. A. (2007). A Theoretical Framework for Organizational Network Forensic Readiness. JCP, 1--11.

Grobler, C., & Louwrens, C. (2010). A multi-component view of digital forensics. In International Conference on Availability, Reliability, and Security (pp. 647--652).

IRA. (2021). Licensed Insurance Companies. Retrieved December 6, 2021, from Insurance Regulatory Authority: https://www.ira.go.ke/images/LICENCED-INSURANCE-COMPANIES-2021.pdf

ISACA. (2019). State of Cybersecurity Part 2: Current Trends in Attacks, Awareness and Governance. Retrieved October 2021, from https://www.isaca.org/- /media/files/isacadp/project/isaca/why-isaca/surveys-and-reports/state-of-cybersecurity-2019-part-2_res_eng_0619#:~:text=Is%20your%20enterprise%20experiencing%20an,compared%20to%20a%20year%20ago%3F&text=enterprises%20are%20very%20li

ISACA. (2020). State of Cybersecurity 2020 Part 2: Threat Landscape and Security Practices. Retrieved November 4, 2021, from ISACA: https://www.isaca.org/bookstore/bookstore-wht_papers-digital/whpsc202

Kazadi, J. M., & Jazri, H. (2015). Using digital forensic readiness model to increase the forensic readiness of a computer system. In 2015 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC) (pp. 131-137). IEEE.

Karie, N. M., & Karume, S. M. (2017). Digital Forensic Readiness in Organizations: Issues and Challenges. Journal of Digital Forensics, Security & Law, 12(4), 43-53.

KPMG. (2022). Africa Cyber Security Outlook. Retrieved 09 03, 2022, from https://assets.kpmg.com/content/dam/kpmg/ke/pdf/thought- leaderships/2022/KPMG%20Africa%20Cyber%20Security%20Outlook%202022.pdf

López, A. F. (2017). Are You Ready?: A Proposed Framework for the Assessment of Digital Forensic Readiness.

Mankantshu, M. A. (2014). Investigating the factors that influence digital forensic readiness in a South African organisation.

Mouhtaropoulos, A. a.-T. (2011). Digital forensic readiness: an insight into governmental and academic initiatives. In 2011 European Intelligence and Security Informatics Conference (pp. 191-196). IEEE.

Mugenda, O. M., & Mugenda, A. G. (2003). Quantitative and qualitative approaches. Nairobi: Acts Press.

Muraguri, N., & Mwalili, T. a. (2019). Factors influencing cybersecurity readiness in deposit taking savings and credit cooperatives: A case study of Nairobi County. International Academic Journal of Information Systems and Technology, 157--182.

Rowlingson, R. (2004). A ten step process for forensic readiness. International Journal of Digital Evidence, 1--28.

SASRA. (2023). List of Licensed and Authorized Sacco Societies In Kenya For the Financial Year Ending 31st December 2023. Retrieved February 15, 2023, from Sacco Societies Regulatory Authority: https://www.sasra.go.ke/download/list-of-licensed-and-authorized-sacco-societies-in-kenya-for-the-financial-year-ending-31st-december-2023/

Serianu. (2020). Africa Cybersecurity Report - Kenya. Retrieved from https://www.serianu.com/downloads/KenyaCyberSecurityReport2020.pdf.

Serianu. (2023). Africa Cybersecurity Report- Kenya. Retrieved January 2024, from https://www.serianu.com/downloads/KenyaCyberSecurityReport2023.pdf

Sweet, S. A., & Grace-Martin, K. (1999). Data analysis with SPSS. Allyn & Bacon Boston, MA, USA.

Tan, J. (2001). Forensic readiness. Cambridge, MA: @ Stake, 1-23.

The Republic of Kenya. (2018). Computer Misuse and Cybercrimes Act.

The Republic of Kenya. (2019). Data Protection Act.

The Republic of Kenya. (2019). National ICT Policy.