Teaching Documents by Dr. Leon Hamilton
The objective of this article is to introduce the user to Secure Software Development Life Cycle ... more The objective of this article is to introduce the user to Secure Software Development Life Cycle (will now on be referenced to as SSDLC). There are multiple reasons why programs like these have gained popularity. We can say to a certain extent that they have become mandated in certain organizations. While this presentation will give a brief explanation about SDLC, for the sake of completeness, it does not explain SDLC in detail and all of its aspects.
Lean Six Sigma is a method that relies on a collaborative team effort to improve performance by s... more Lean Six Sigma is a method that relies on a collaborative team effort to improve performance by systematically removing waste and reducing variation. It combines lean manufacturing/lean enterprise and Six Sigma to eliminate the multiple kinds of waste
There are credible flaws obscuring strong technique implementation to mitigate logical attacks ag... more There are credible flaws obscuring strong technique implementation to mitigate logical attacks against computers and computer networks in our organization. It may boil down to a common habit of treating a wide range of detrimental cyber activity as a generic threat. Innovative mitigation might be the concept that balances the rapid evolution of technology with the defensive measures necessary for operational continuity while meeting societal needs. On innovation, it is suggested that it takes a team effort to introduce evolutionary ideas, constructs or protocols to the new evolutionary ideas, constructs or protocols themselves. Take a minute and reflect on that concept! It’s widely known that the pursuit of innovation is to drive growth and become leaders in target markets. However, our focus today is to contribute substantive measures that can be applied organization-wide and implemented by end users. The final expected outcome is protocols, that when integrated into the organizational culture, could protect or minimize detrimental cyber activity.
Before we transition, it is of the utmost importance that we emphasize consideration and the role of the center of gravity to an IT or any other initiative-the employee. Successful outcomes are predicated on the integration of employee. Their input is valuable for at least two reasons. First, their visual on operations and identification of potential barriers could prevent a waste of resources or negative return on investment. Secondly, the consideration of their input increases the notion that they are part of the decision-making and increases buy-in. Buy-in equals increased motivation, embracement of the vision, and increased chances for success. This is important because in the present environment it is suggested that at least 360,000 new malware are being created daily. That threat alone means that we need all enablers and multipliers engaged.
A profound degree of consternation exists within the private and public realm because of the lack... more A profound degree of consternation exists within the private and public realm because of the lack of a defined line that is being crossed that warrants a nation-supported military response. For example, the attack and destruction of the technological infrastructure of a hospital could injure or kill both civilian and military, but existing laws have not address issues such as these. Damjanović (2017) concluded that instead of weapons and traditional warfare methodologies, information warfare could be the center of gravity of evolving military doctrines. Most developed countries embrace this concept. The blurred lines that are associated with information warfare crimes could also warrant adjustment to the methods utilized to protect commercial interests.
In information technology, CIA or confidentiality, integrity, and availability (CIA) provide the ... more In information technology, CIA or confidentiality, integrity, and availability (CIA) provide the lens of security and governing standards of any information security program. The Federal Information Security Management Act was signed into law as a part of the Electronic Government Act of 2002. It defines the comprehensive framework to protect information operations against natural or man-made threats.
Confidentiality is conceptually the practice of “least privilege”. Information access should be on a “need to know” basis and should not be easily accessible by the general population. Integrity ensures that during the transition or storage of information, it should be incorrupt. Availability is a metric that ensures that the operations and services of an organization are available, or as we say in the military-present for duty. Attacks such as Denial of Service (DOS) are initiated to disrupt or cease operations and consequently defeat the concept of availability.
Schwartau (1994) defined information warfare as the application of information and communication ... more Schwartau (1994) defined information warfare as the application of information and communication technologies to compromise or access an adversary’s technological infrastructure. The purpose is to control, disrupt, disable or access it to obtain relevant details and information on the target’s resources, proprietary information, or military plans. Taddeo (2016) identified some of the most notable examples such as the distributed denial of service attacks (DDoS) initiated during the 2010 Burma elections, the Stuxnet virus that affected the Iranian nuclear facilities, and the Wanna Cry ransomware cryptoattack of 2017 that affected computers running Microsoft-which is an awful lot of computers. Keep in mind, these are the ones that we are aware of because of the wide press coverage received.
Taddeo (2016) declared that in 2010, information warfare was officially listed among the several different domains whereby war could be waged. It ranks fifth behind the traditional military constructs of land, sea, air, and space. Why would it be that important would you ask? Well, if you pay attention to current events, you will see that the cyber domain is getting more airtime than any other battle. The powers that be have figured out that having the capability to manipulate, disrupt, destroy or otherwise control the enemy’s (e.g. civilian or military) technological infrastructure is huge. It has become a weapon that is just as if not more decisive that conducting a land campaign and may have even more influence on conflict resolution.
It’s no secret that crimes by cyber criminals are prevalent-we see, hear, or read about it almost... more It’s no secret that crimes by cyber criminals are prevalent-we see, hear, or read about it almost on a daily basis. This is important, because as you will see later, the healthcare profession public target number one because of the substantial sensitive information that we have on the general public. Everything from social security numbers to credit information, most of which is connected to financial institutions and insurance companies. The hospital industry has the information mother lode and a primary target of cyber criminals.
Asset Management is designed to gain accountability of what is within the organization, ensures o... more Asset Management is designed to gain accountability of what is within the organization, ensures operability, and is working in the proper order (value added). Szadeczky (2016) declared that the asset assessment results establish the foundation of the risk management program. An inventory of the status of infrastructure assets, their condition, and effectiveness correlate directly to the organization’s vulnerabilities. Unfortunately, the asset assessment program does not always yield a positive ROI for the reasons you see here. Vincent, Higgs, Pinsker (2017) proposed that the effectiveness of a risk management program is higher with the elimination of a middleman or bureaucratic red tape between the Chief Information Officer and the Chief Executive Officer.
No one can predict or control when a force of nature will occur. To illustrate the prevalence of... more No one can predict or control when a force of nature will occur. To illustrate the prevalence of manmade attacks (e.g. hackers) and their financial motivations, Morgan (2018) calculated that by next year, a business will become victimized by a ransomware attack every 14 seconds and if your math is only minimal you will calculate that to be at least 4 times per minute! The message is that we are not immune and please don’t take that calculation to mean that hackers are waiting idly by for 2019-they are on their game now and they are good at it.
Traffic analysis consists of capturing network traffic in order to identify and respond to anomal... more Traffic analysis consists of capturing network traffic in order to identify and respond to anomalies that could be indicative of security threats or other areas of concern. The communication, network, and technological infrastructures are expanding at a rapid pace and increasingly complex. Moreover, the global community has expanded interconnectedness as routine resulting in extraordinary production of data.
In the event of a cyber attack, the capacity to capture network traffic for analysis is critical to the success of a forensic investigation. Zhou, Yan, Fu, and Yao (2018) determined that the attributes displayed on the slide depict the relevance of capturing network traffic for subsequent analysis. As an analyst, it is important to have the correct tools depending on what is to be done, however if the nucleus is the data and if the rate, type, source, destination and other traffic factors can’t be determined, then you are still ill-equipped. Capturing network data for investigative purposes is necessary not only to initiate investigations, but allows documentation of lessons learned to improve present infrastructure operations. However, for it to be value-added, packets must be captured.
. The business environment is complex and rapidly changing. This begs to question, what prevent... more . The business environment is complex and rapidly changing. This begs to question, what preventive measures are we implementing and how forward thinking are we on our preparation for technical and physical threats to our organization. Many organizations, including this, have underlying weaknesses that leave them prone to an eventual crisis that could escalate to disastrous proportions. It is important to emphasize that organizational leadership plays a pivotal role in plan development, approval, and implementation. High visibility leadership sends a candid, unspoken message to the remainder of the organization that physical and technical threat strategies are important to the survival of this company. Stakeholders, internal and external, will know that the organization is taking prudent messages to address a threat that has not yet materialized. There is fierce competition for the organization’s resources and it is understandable that the motivation is minimal for capital expenditures on a threat that may not happen. Nonetheless, risk management requires going beyond what is normal to establish and maintain a current, dynamic plan to address the threats on a competitive landscape. We must advance our thinking and preparation to address known and unknown threats while maintaining resiliency. Hopkins (2014) suggested that resilient organizations are able to integrate change when addressing expected and unexpected emerging challenges while maintaining focus on organizational goals, objectives, and opportunities.
There is no question that business, education, and all fields of science have come to rely heavil... more There is no question that business, education, and all fields of science have come to rely heavily technology and software for data management. This dependence is prevalent to the point of not being able to understand the empirical aspects of social, technical and health science research without substantial knowledge of statistics and without at least some rudimentary understanding of statistical software.
The number and types of statistical software packages that are available continue to grow each year-some free and others requiring a license. In this PowerPoint, I have chosen to work with SPSS, or the Statistical Package for the Social Sciences. SPSS was chosen because of its popularity within both academic and business circles, making it the most widely used package of its type. SPSS is also a versatile package that allows many different types of analyses, data transformations, and forms of output - in short, it will more than adequately serve a multitude of purposes.
There is a critical need in the law enforcement community to ensure the reliability of computer f... more There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. Many of the tools are free, but the most effective will come with a price. Nonetheless, one of the most important measures that must be undertaken is the establishment of a national standard in the field.
Papers by Dr. Leon Hamilton
The Leading Edge
The digitization of the oil and gas industry creates potentially detrimental opportunities for te... more The digitization of the oil and gas industry creates potentially detrimental opportunities for terrorists, criminals, insiders, and activists to exploit. Due to the COVID-19 pandemic, working remotely has become the norm, and remote collaboration has been enabled by such Internet-based applications as Microsoft Teams, Zoom, and others. Remote employees may be more casual with cybersecurity, which further increases the risk of cyberattacks. Successful cyberattacks against oil and gas assets or operations have the capacity to cripple economies, disrupt power grids, and initiate political or public unrest and chaos. Cybersecurity defense should be as central to our organizational culture as turning on our workplace computer. We discuss the most likely weak points in our systems and possible solutions.
The focal point of security is preventing unauthorized access or loss of customer or company data... more The focal point of security is preventing unauthorized access or loss of customer or company data. Texas Instruments proposes these solution components for activating biometric security of a technological infrastructure. Methods and documented standards are being developed, as biometrics is a newcomer to the cyber security scene. The National Institute of Science and Technology (NIST) declared that interoperability is the cornerstone of success for biometrics and deployment requires both national and international standards. Standards have been developed but, rapid innovations coupled with the unconditional data interchange formats and technical interference, result in products that don’t meet established standards.
Uploads
Teaching Documents by Dr. Leon Hamilton
Before we transition, it is of the utmost importance that we emphasize consideration and the role of the center of gravity to an IT or any other initiative-the employee. Successful outcomes are predicated on the integration of employee. Their input is valuable for at least two reasons. First, their visual on operations and identification of potential barriers could prevent a waste of resources or negative return on investment. Secondly, the consideration of their input increases the notion that they are part of the decision-making and increases buy-in. Buy-in equals increased motivation, embracement of the vision, and increased chances for success. This is important because in the present environment it is suggested that at least 360,000 new malware are being created daily. That threat alone means that we need all enablers and multipliers engaged.
Confidentiality is conceptually the practice of “least privilege”. Information access should be on a “need to know” basis and should not be easily accessible by the general population. Integrity ensures that during the transition or storage of information, it should be incorrupt. Availability is a metric that ensures that the operations and services of an organization are available, or as we say in the military-present for duty. Attacks such as Denial of Service (DOS) are initiated to disrupt or cease operations and consequently defeat the concept of availability.
Taddeo (2016) declared that in 2010, information warfare was officially listed among the several different domains whereby war could be waged. It ranks fifth behind the traditional military constructs of land, sea, air, and space. Why would it be that important would you ask? Well, if you pay attention to current events, you will see that the cyber domain is getting more airtime than any other battle. The powers that be have figured out that having the capability to manipulate, disrupt, destroy or otherwise control the enemy’s (e.g. civilian or military) technological infrastructure is huge. It has become a weapon that is just as if not more decisive that conducting a land campaign and may have even more influence on conflict resolution.
In the event of a cyber attack, the capacity to capture network traffic for analysis is critical to the success of a forensic investigation. Zhou, Yan, Fu, and Yao (2018) determined that the attributes displayed on the slide depict the relevance of capturing network traffic for subsequent analysis. As an analyst, it is important to have the correct tools depending on what is to be done, however if the nucleus is the data and if the rate, type, source, destination and other traffic factors can’t be determined, then you are still ill-equipped. Capturing network data for investigative purposes is necessary not only to initiate investigations, but allows documentation of lessons learned to improve present infrastructure operations. However, for it to be value-added, packets must be captured.
The number and types of statistical software packages that are available continue to grow each year-some free and others requiring a license. In this PowerPoint, I have chosen to work with SPSS, or the Statistical Package for the Social Sciences. SPSS was chosen because of its popularity within both academic and business circles, making it the most widely used package of its type. SPSS is also a versatile package that allows many different types of analyses, data transformations, and forms of output - in short, it will more than adequately serve a multitude of purposes.
Papers by Dr. Leon Hamilton
Before we transition, it is of the utmost importance that we emphasize consideration and the role of the center of gravity to an IT or any other initiative-the employee. Successful outcomes are predicated on the integration of employee. Their input is valuable for at least two reasons. First, their visual on operations and identification of potential barriers could prevent a waste of resources or negative return on investment. Secondly, the consideration of their input increases the notion that they are part of the decision-making and increases buy-in. Buy-in equals increased motivation, embracement of the vision, and increased chances for success. This is important because in the present environment it is suggested that at least 360,000 new malware are being created daily. That threat alone means that we need all enablers and multipliers engaged.
Confidentiality is conceptually the practice of “least privilege”. Information access should be on a “need to know” basis and should not be easily accessible by the general population. Integrity ensures that during the transition or storage of information, it should be incorrupt. Availability is a metric that ensures that the operations and services of an organization are available, or as we say in the military-present for duty. Attacks such as Denial of Service (DOS) are initiated to disrupt or cease operations and consequently defeat the concept of availability.
Taddeo (2016) declared that in 2010, information warfare was officially listed among the several different domains whereby war could be waged. It ranks fifth behind the traditional military constructs of land, sea, air, and space. Why would it be that important would you ask? Well, if you pay attention to current events, you will see that the cyber domain is getting more airtime than any other battle. The powers that be have figured out that having the capability to manipulate, disrupt, destroy or otherwise control the enemy’s (e.g. civilian or military) technological infrastructure is huge. It has become a weapon that is just as if not more decisive that conducting a land campaign and may have even more influence on conflict resolution.
In the event of a cyber attack, the capacity to capture network traffic for analysis is critical to the success of a forensic investigation. Zhou, Yan, Fu, and Yao (2018) determined that the attributes displayed on the slide depict the relevance of capturing network traffic for subsequent analysis. As an analyst, it is important to have the correct tools depending on what is to be done, however if the nucleus is the data and if the rate, type, source, destination and other traffic factors can’t be determined, then you are still ill-equipped. Capturing network data for investigative purposes is necessary not only to initiate investigations, but allows documentation of lessons learned to improve present infrastructure operations. However, for it to be value-added, packets must be captured.
The number and types of statistical software packages that are available continue to grow each year-some free and others requiring a license. In this PowerPoint, I have chosen to work with SPSS, or the Statistical Package for the Social Sciences. SPSS was chosen because of its popularity within both academic and business circles, making it the most widely used package of its type. SPSS is also a versatile package that allows many different types of analyses, data transformations, and forms of output - in short, it will more than adequately serve a multitude of purposes.