Author

Wasim A. Al-Hamdani

Other affiliations: Kentucky State University
Bio: Wasim A. Al-Hamdani is an academic researcher from University of the Cumberlands. The author has contributed to research in topics: Information security & Cryptography. The author has an h-index of 7, co-authored 36 publications receiving 173 citations. Previous affiliations of Wasim A. Al-Hamdani include Kentucky State University.

Papers
Proceedings Article
30 Sep 2011
TL;DR: A method for allowing the user to select specific security levels of security for items is proposed and a list of security items that all users should be aware of before opting to use cloud based services is made.
Abstract: In this paper, we discuss security issues with Cloud Based Computing and Cloud Operating Systems. Cloud computing has recently experienced a significant increase in popularity as major companies such as Google and Microsoft have started to release cloud based products, advertise the use of the cloud, and even release an open source Cloud OS. As the general public becomes more aware of cloud based computing and the popularity increases the demand for security will increase. This paper discusses both unique security concerns for cloud computing as well as shared security issues between cloud and traditional computing. Current solutions for these security risks are also discussed and evaluated. In addition, we propose a method for allowing the user to select specific security levels of security for items and make a list of security items that all users should be aware of before opting to use cloud based services.

54 citations

Proceedings Article
22 Sep 2006
TL;DR: This paper looks at the assessment for quantity of information security awareness programs needed at Kentucky State University as a first step, and then the model is generated for a larger population.
Abstract: This paper looks at the assessment for quantity of information security awareness programs needed at Kentucky State University as a first step, and then the model is generated for a larger population. The model used is based on various levels of education and a randomly selected sample space. The model is also based on two assessments: the first focuses on information security in general, while the second assessment covers the following topics: data classification, security job role, awareness programs, spam and virus knowledge, and social engineering. The sample space was randomly selected from a population of about 49,640 in Franklin County [5] and the results were then generalized for larger populations. The results show that there is a real need for information security awareness programs for the general public. However, the research also shows a large number of instructors needed per 1000 of population to start the information security awareness public program. These primary results have been looked at in two different aspects: the first as "in-class delivery" and the second as "out-class delivery". The research points out that unrealistic results hold for in-class delivery; hence we must focus on out-class awareness programs.

18 citations

Proceedings Article
01 Oct 2010
TL;DR: This work examined existing access control models, providing a broad presentation for cryptographic algorithms including cryptography access control-based systems, and a new model is presented based on integrating cryptographic access control with role access control and hierarchy using Suite B (NSA recommendation).
Abstract: Access control is the capacity of a particular subject (user, process) to permit or deny the use of a specific object (data, file). Access control mechanisms can be used in managing physical resources and logical resources. Cryptography access control in a healthcare Web system provides logical control for sharing resources and access rights subject to object. However, designing access control for healthcare information systems is difficult due to the culture of healthcare, the rapid change, and the tasks performed. This work examined existing access control models, providing a broad presentation for cryptographic algorithms including cryptography access control-based systems. In the last part, a new model is presented based on integrating cryptography access control with role access control and hierarchy using Suite B (NSA recommendation). The model is based on the using entity (which could be a local medical center or hospital), while the security levels between entities are distributed and based on PKI.

15 citations

Proceedings Article
25 Sep 2009
TL;DR: The article looks at the canon of information security policy elements that should be provided: type, writing, maintenance, and the minimum elements that should be presented in a policy for a small education environment.
Abstract: Information security policies are essential for any education environment, as they are the overall guidelines for management and are a special type of documented business rule for protecting information and the systems which store and process it. In this article the critical elements of an information security policy for a small education environment are presented and discussed. A small education environment is a very special case, as there is a small number of personnel to handle IT and security issues, and education environments in general have special characteristics and features that distinguish them from any other enterprise or national agency. Such organizations have features such as free organization, a focus on learning, a large amount of turnover (semester/year period), one semester being a major period, the age of the participants in the organization, learning in groups or individually, and the inclusion of non-academic and extracurricular services. The article looks at the canon of information security policy elements that should be provided: type, writing, maintenance, and the minimum elements that should be presented in a policy for such environments. This paper will also discuss the technical, physical and administrative benefits that small organizations can obtain by having a security policy.

13 citations

Journal Article
TL;DR: This work introduces a cryptography curriculum using a design thinking model and shows a high level of student sympathy and improvement in their abilities in solving complex problems.
Abstract: The phrase “design thinking” stands for design-specific cognitive activities that designers apply during the process of designing; it is progressively used to mean the human-centered “open” problem solving procedure. It has been used widely in the industry and business, in particular Systems, Applications, and Products in Data Processing, to satisfy customer needs. Design thinking has an increasing influence on 21st century education across disciplines. This work introduces a cryptography curriculum using a design thinking model. The work was introduced in Spring 2014 and is for graduate levels. The course evaluations show a high level of student sympathy and improvement in their abilities in solving complex problems.

12 citations


Cited by
01 Apr 1997
TL;DR: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind, with emphasis on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity.
Abstract: The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which support integrity, confidentiality, or authenticity. Topics covered include an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading are given at the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

2,188 citations

Journal Article
TL;DR: The Health Insurance Portability and Accountability Act, also known as HIPAA, was designed to protect health insurance coverage for workers and their families while between jobs and establishes standards for electronic health care transactions.
Abstract: The Health Insurance Portability and Accountability Act, also known as HIPAA, was first delivered to Congress in 1996 and consisted of just two Titles. It was designed to protect health insurance coverage for workers and their families while between jobs. It establishes standards for electronic health care transactions and addresses the issues of privacy and security when dealing with Protected Health Information (PHI). HIPAA is applicable only in the United States of America.

561 citations

Journal Article
TL;DR: This paper surveys the works on cloud security issues, making a comprehensive review of the literature on the subject and proposes a taxonomy for their classification, addressing several key topics, namely vulnerabilities, threats, and attacks.
Abstract: In the last few years, the appealing features of cloud computing have been fueling the integration of cloud environments in the industry, which has been consequently motivating the research on related technologies by both the industry and the academia. The possibility of paying-as-you-go mixed with an on-demand elastic operation is changing the enterprise computing model, shifting on-premises infrastructures to off-premises data centers, accessed over the Internet and managed by cloud hosting providers. Regardless of its advantages, the transition to this computing paradigm raises security concerns, which are the subject of several studies. Besides the issues derived from Web technologies and the Internet, clouds introduce new issues that should be cleared out first in order to further allow the number of cloud deployments to increase. This paper surveys the works on cloud security issues, making a comprehensive review of the literature on the subject. It addresses several key topics, namely vulnerabilities, threats, and attacks, proposing a taxonomy for their classification. It also contains a thorough review of the main concepts concerning the security state of cloud environments and discusses several open research topics.

423 citations

Journal Article
01 Jun 2015
TL;DR: This paper provides a taxonomy of well-known social engineering attacks as well as a comprehensive overview of advanced social engineering attacks on the knowledge worker.
Abstract: Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information systems. The services used by today's knowledge workers prepare the ground for sophisticated social engineering attacks. The growing trend towards BYOD (bring your own device) policies and the use of online communication and collaboration tools in private and business environments aggravate the problem. In globally acting companies, teams are no longer geographically co-located, but staffed just-in-time. The decrease in personal interaction combined with a plethora of tools used for communication (e-mail, IM, Skype, Dropbox, LinkedIn, Lync, etc.) create new attack vectors for social engineering attacks. Recent attacks on companies such as the New York Times and RSA have shown that targeted spear-phishing attacks are an effective, evolutionary step of social engineering attacks. Combined with zero-day-exploits, they become a dangerous weapon that is often used by advanced persistent threats. This paper provides a taxonomy of well-known social engineering attacks as well as a comprehensive overview of advanced social engineering attacks on the knowledge worker.

387 citations