CDPSE Certified Data Privacy Solutions

Engineer All-in-One Exam Guide Peter

H. Gregory
Visit to download the full and correct content document:
https://ebookmass.com/product/cdpse-certified-data-privacy-solutions-engineer-all-in-
one-exam-guide-peter-h-gregory-2/
 ABOUT THE AUTHOR

Peter H. Gregory, CDPSE, CIPM, CISA, CISM, CRISC, CISSP, DRCE,

CCSK, is a 30-year career technologist and a security leader at a
telecommunications company. He has been developing and
managing information security management programs since 2002
and has been leading the development and testing of secure IT
environments since 1990. Peter has also spent many years as a
software engineer and architect, systems engineer, network
engineer, and security engineer. He has written many articles, white
papers, user manuals, processes, and procedures throughout his
career, and he has conducted numerous lectures, training classes,
seminars, and university courses.
Peter is the author of more than 40 books about information
security and technology, including Solaris Security, CISM Certified
Information Security Manager All-In-One Exam Guide, and CISA
Certified Information Systems Auditor All-In-One Exam Guide. He
has spoken at numerous industry conferences, including RSA,
Interop, (ISC)2 Congress, ISACA CACS, SecureWorld Expo, West
Coast Security Forum, IP3, Source, Society for Information
Management, OptivCon, the Washington Technology Industry
Association, and InfraGard.
Peter serves on advisory boards for cybersecurity education
programs at the University of Washington and the University of
South Florida. He was the lead instructor for nine years in the
University of Washington certificate program in cybersecurity, a
former board member of the Washington State chapter of InfraGard,
and a founding member of the Pacific CISO Forum. Peter is a 2008
graduate of the FBI Citizens’ Academy and a member of the FBI
Citizens’ Academy Alumni Association.
Peter resides with his family in Washington state. For more
information about Peter, visit his web site at
www.peterhgregory.com.

About the Technical Editor

John Clark, CISSP, CISA, CISM, CIPP/E, CIPT, FIP, is an information
security executive advisor to CISOs, CIOs, boardrooms, and business
executives. John has contributed to many articles, blogs, and
presentations addressing privacy program management and has
spoken on the topic at industry conferences. With more than 20
years of experience in information security and privacy, he has
developed a passion for working with clients to develop sustainable
business-aligned information security and privacy management
programs that can be applied to emerging regulations with minimal
change. In addition to having multiple industry certifications, John
has a bachelor’s degree in management information systems and an
MBA from the University of Houston.
Copyright © 2021 by McGraw Hill. All rights reserved. Except as
permitted under the United States Copyright Act of 1976, no part of
this publication may be reproduced or distributed in any form or by
any means, or stored in a database or retrieval system, without the
prior written permission of the publisher, with the exception that the
program listings may be entered, stored, and executed in a
computer system, but they may not be reproduced for publication.

ISBN: 978-1-26-047483-1
MHID: 1-26-047483-6

The material in this eBook also appears in the print version of this
title: ISBN: 978-1-26-047482-4, MHID: 1-26-047482-8.

eBook conversion by codeMantra

Version 1.0

All trademarks are trademarks of their respective owners. Rather

than put a trademark symbol after every occurrence of a
trademarked name, we use names in an editorial fashion only, and
to the benefit of the trademark owner, with no intention of
infringement of the trademark. Where such designations appear in
this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity

discounts to use as premiums and sales promotions or for use in
corporate training programs. To contact a representative, please visit
the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw Hill from sources believed

to be reliable. However, because of the possibility of human or
mechanical error by our sources, McGraw Hill, or others, McGraw Hill
does not guarantee the accuracy, adequacy, or completeness of any
information and is not responsible for any errors or omissions or the
results obtained from the use of such information.
TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its

licensors reserve all rights in and to the work. Use of this work is
subject to these terms. Except as permitted under the Copyright Act
of 1976 and the right to store and retrieve one copy of the work,
you may not decompile, disassemble, reverse engineer, reproduce,
modify, create derivative works based upon, transmit, distribute,
disseminate, sell, publish or sublicense the work or any part of it
without McGraw-Hill Education’s prior consent. You may use the
work for your own noncommercial and personal use; any other use
of the work is strictly prohibited. Your right to use the work may be
terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND

ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO
THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS
TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY
INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA
HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY
WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR
A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do
not warrant or guarantee that the functions contained in the work
will meet your requirements or that its operation will be
uninterrupted or error free. Neither McGraw-Hill Education nor its
licensors shall be liable to you or anyone else for any inaccuracy,
error or omission, regardless of cause, in the work or for any
damages resulting therefrom. McGraw-Hill Education has no
responsibility for the content of any information accessed through
the work. Under no circumstances shall McGraw-Hill Education
and/or its licensors be liable for any indirect, incidental, special,
punitive, consequential or similar damages that result from the use
of or inability to use the work, even if any of them has been advised
of the possibility of such damages. This limitation of liability shall
apply to any claim or cause whatsoever whether such claim or cause
arises in contract, tort or otherwise.
To current and aspiring privacy professionals everywhere who own
the mission of protecting personal information about customers,
employees, and constituents.
 CONTENTS AT A GLANCE

Part I Privacy Governance

Chapter 1 Governance
Chapter 2 Management
Chapter 3 Risk Management

Part II Privacy Architecture

Chapter 4 Infrastructure
Chapter 5 Applications and Software
Chapter 6 Technical Privacy Controls

Part III Data Cycle

Chapter 7 Data Purpose
Chapter 8 Data Persistence

Part IV Appendix and Glossary

Appendix About the Online Content

Glossary

Index
 CONTENTS

Acknowledgments
Introduction

Part I Privacy Governance

Chapter 1 Governance
Introduction to Privacy Governance
Privacy Governance Influencers
Reasons for Privacy Governance
Privacy and Security Governance Activities and
Results
Business Alignment
Monitoring Privacy Responsibilities
Privacy Governance Metrics
Privacy Strategy Development
Strategy Objectives
Control Frameworks
Risk Objectives
Strategy Resources
Privacy Program Strategy Development
Strategy Constraints
Chapter Review
Quick Review
Questions
Answers
Chapter 2 Management
Privacy Roles and Responsibilities
Board of Directors
Executive Management
Privacy and Security Steering Committees
Business Process and Business System Owners
Custodial Responsibilities
Chief Privacy Officer
Chief Information Security Officer
Software Development
Data Management
Network Management
Systems Management
Operations
Privacy Operations
Security Operations
Privacy Audit
Security Audit
Service Desk
Quality Assurance
Other Roles
General Staff
Building a Privacy Operation
Identifying Privacy Requirements
Developing Privacy Policies
Developing and Running Data Protection
Operations
Developing and Running Data Monitoring
Operations
Working with Data Subjects
Working with Authorities
Privacy Training and Awareness
Training Objectives
Creating or Selecting Content
 Audiences
New Hires
Annual Training
Communication Techniques
Third-Party Risk Management
Cloud Service Providers
Privacy Regulation Requirements
TPRM Life Cycle
Auditing Privacy Operations
Privacy Audit Scope
Privacy Audit Objectives
Types of Privacy Audits
Privacy Audit Planning
Privacy Audit Evidence
Auditing Specific Privacy Practices
Audit Standards
Privacy Incident Management
Phases of Incident Response
Privacy Incident Response Plan Development
Privacy Continuous Improvement
Chapter Review
Quick Review
Questions
Answers
Chapter 3 Risk Management
The Risk Management Life Cycle
The Risk Management Process
Risk Management Methodologies
Asset Identification
Asset Classification
Asset Valuation
Threat Identification
 Vulnerability Identification
Risk Identification
Risk, Likelihood, and Impact
Risk Analysis Techniques and Considerations
Privacy Impact Assessments
PIA Procedure
Engaging Data Subjects in a PIA
The Necessity of a PIA
Integrating into Existing Processes
Recordkeeping and Reporting
Risks Specific to Privacy
Privacy Threats
Privacy Countermeasures
Chapter Review
Quick Review
Questions
Answers

Part II Privacy Architecture

Chapter 4 Infrastructure
Technology Stacks
Hardware
Operating Systems
Database Management Systems
Application Servers
Cloud Services
Infrastructure as a Service
Platform as a Service
Software as a Service
Serverless Computing
Mobile Backend as a Service
Shadow IT and Citizen IT
Endpoints
 Laptop and Desktop Computers
Virtual Desktop Infrastructure
Mobile Devices
Bring-Your-Own ________
Zero Trust Architecture
Connected Devices and Operational Technology
Remote Access
Client VPN
Clientless (SSL) VPN
Split Tunneling
System Hardening
Hardening Principles
Hardening Standards
Security and Privacy by Design
Chapter Review
Quick Review
Questions
Answers
Chapter 5 Applications and Software
Privacy and Security by Design
Systems Development Life Cycle
SDLC Phases
Software Development Risks
Alternative Software Development Approaches and
Techniques
System Development Tools
Acquiring Cloud-based Infrastructure and
Applications
Applications and Software Hardening
Application Hardening Principles
Testing Applications
APIs and Services
Online Tracking and Behavioral Profiling
 Tracking Techniques and Technologies
Tracking in the Workplace
Tracking Prevention
Chapter Review
Quick Review
Questions
Answers
Chapter 6 Technical Privacy Controls
Controls
Control Objectives
Privacy Control Objectives
Control Frameworks
Communication and Transport Protocols
Network Media
Network Protocols
Network Architecture
Encryption, Hashing, and De-identification
Encryption
Key Management
De-identification
Monitoring and Logging
Event Monitoring
Identity and Access Management
Access Controls
Chapter Review
Quick Review
Questions
Answers

Part III Data Cycle

Chapter 7 Data Purpose
Data Governance
 Policies and Standards
Roles and Responsibilities
Control Objectives and Controls
Assessments
Reporting
Data Inventory
Data Classification
Data Classification Levels
Data Handling Standards
Data Loss Prevention Automation
System and Site Classification
Data Quality and Accuracy
Data Flow and Usage Diagrams
Data Use Limitation
Data Use Governance
External Privacy Policy
Data Analytics
Chapter Review
Quick Review
Questions
Answers
Chapter 8 Data Persistence
Data Minimization
Collecting Only Required Fields
Collecting Only Required Records
Discarding Data When No Longer Needed
Minimizing Access
Minimizing Storage
Minimizing Availability
Minimizing Retention
Minimization Through De-identification
Data Migration
 Data Storage
Data Warehousing
Data Retention and Archiving
Industry Data Retention Laws
Right to Be Forgotten
Data Archival
Data Destruction
Chapter Review
Quick Review
Questions
Answers

Part IV Appendix and Glossary

Appendix About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Technical Support

Glossary

Index

Figure Credits
Figure 1-2 Courtesy Xhienne: SWOT pt.svg, CC BY-SA 2.5,
https://commons.wikimediaw/index.php?curid=2838770.
Figure 1-3 Courtesy Hi-Tech Security Solutions magazine.
Figure 3-2 Source: US National Institute for Standards and
Technology (NIST).
Figure 5-1 Courtesy of Oxford University Press, Inc. From
Christopher Alexander, et al., The Oregon Experiment, 1975, p. 44.
Used by Permission of Oxford University Press, Inc.
 ACKNOWLEDGMENTS

I am immensely grateful to Wendy Rinaldi for affirming the need to

have this book published on a tight timeline. My readers, including
current and future security managers, deserve nothing less.
Heartfelt thanks to Emily Walters for proficiently managing this
project, facilitating rapid turnaround, and equipping me with the
information and guidance I needed to produce the manuscript.
I want to thank my former consulting colleague, John Clark, who
took on tech reviewing the manuscript. John, a Fellow of Information
Privacy and a member of the International Association of Privacy
Professionals, carefully and thoughtfully scrutinized the entire draft
manuscript and made scores of useful suggestions that have
improved the book’s quality and value for readers.
Next, I want to thank my former consulting colleague, Greg Tyler,
with whom I worked in a consulting role in data protection projects.
His insight has been invaluable to our clients and to me.
Many thanks to Janet Walden, Sarika Gupta, and Neelu Sahu for
managing the editorial and production ends of the project and to
Lisa Theobald for copyediting the book and further improving
readability. I appreciate KnowledgeWorks Global Ltd. for expertly
rendering my sketches into beautifully clear line art and laying out
the pages. Like stage performers, they make hard work look easy.
Many thanks to my literary agent, Carole Jelen, for diligent
assistance during this and other projects. Sincere thanks to Rebecca
Steele, my business manager and publicist, for her long-term vision
and for keeping me on track.
Virtually all of the work producing this book was completed during
the COVID-19 pandemic. In addition to life’s normal pressures and
challenges, everyone involved in this project stayed on task and
completed their typically high-quality work on schedule. This effort
was likely quite difficult for some of you. I admire your drive and
your dedication to serve our readers with nothing but the best.
Privacy professionals around the world depend upon it.
Despite having written more than 40 books, I have difficulty
putting into words my gratitude for my wife, Rebekah, for tolerating
my frequent absences (in the home office) while I developed the
manuscript. This project could not have been completed without her
loyal and unfailing support and encouragement.
 INTRODUCTION

The information revolution has transformed businesses,

governments, and people in profound ways. Virtually all business
and government operations are now digital, resulting in everyone’s
personal details being stored in information systems.
Two issues have arisen out of this transformation: the challenge
to safeguard personal information from criminal organizations, and
the challenge to ensure that personal information is used only for
clearly stated purposes. Difficulties in meeting these challenges have
helped create and emphasize the importance of the cybersecurity
and information privacy professions. Numerous security and privacy
laws, regulations, and standards have been enacted and created,
imposing a patchwork of new requirements on organizations and
governments to enact specific practices to protect and control the
use of our personal information.
These developments continue to drive demand for information
privacy, information security professionals, and leaders in both
privacy and security. These highly sought-after professionals play a
crucial role in developing better information privacy and security
programs that result in reduced risk and improved confidence.
The Certified Data Privacy Solutions Engineer (CDPSE™)
certification, established by ISACA in 2020, will light the path for
tens of thousands of privacy and security professionals who need to
demonstrate competence in the privacy field. ISACA, the creator of
the Certified Information Systems Auditor (CISA, established in
1978), the Certified Information Security Manager (CISM,
established in 2002), and other certifications, is one of the world’s
leading security, privacy, and IT management and professional
development organizations.

Purpose of This Book

Let’s get the obvious out of the way: this is a comprehensive study
guide for the privacy professional who needs a reliable reference for
individual or group-led study for the Certified Data Privacy Solutions
Engineer (CDPSE) certification. The content in this book contains the
information that CDPSE candidates are required to know. This book
is one source of information to help you prepare for the CDPSE exam
but should not be thought of as the ultimate collection of all the
knowledge and experience that ISACA expects qualified CDPSE
candidates to possess. No one publication covers all of this
information.
The CDPSE certification may be new, but the privacy profession is
relatively mature, although changing rapidly with the onset of
watershed privacy laws, including GDPR, CCPA, and CPRA. Further,
ISACA has a long history of developing and managing the highest
quality professional certifications in the information-processing
industry, beginning with creating the CISA (Certification Information
Systems Auditor) in 1978. I have participated in item-writing
workshops for ISACA for other certifications, and I can attest to the
organization’s unwavering attention to accuracy and quality. Hence,
it is certain that the CDPSE certification will succeed.
This book also serves as a reference for aspiring and practicing
privacy professionals and leaders. The content required to pass the
CDPSE exam is the same content that practicing privacy
professionals need to be familiar with in their day-to-day work. This
book is an ideal CDPSE exam study guide as well as a desk reference
for those who have already earned their CDPSE certification.
The pace of change in the privacy and information security
industries and professions is high. Rather than contain every detail
and nuance of every law, practice, standard, and technique in
privacy and security, this book shows the reader how to stay current
in the profession. Indeed, the pace of change is one of many
reasons that ISACA and other associations require continuous
learning to retain one’s certifications. It is important to understand
key facts and practices in privacy and how to stay current as they
continue to change.
This book is also invaluable for privacy professionals who are not
in a leadership position. You will gain considerable insight into
today’s privacy challenges. This book is also useful for IT, security,
and business management professionals who work with privacy
professionals and need a better understanding of what they are
doing and why.
Finally, this book is an excellent guide for anyone exploring a
career in privacy. The study chapters explain all the relevant
technologies, techniques, and processes used to manage a modern
privacy program. This is useful if you are wondering what the privacy
profession is all about.

How This Book Is Organized

This book is logically divided into four major sections:

• Introduction The front matter (this chapter) provides an

overview of the CDPSE certification and the privacy profession.
• CDPSE study material Chapters 1 through 8 contain
everything a studying CDPSE candidate is responsible for. This
same material is a handy desk reference for aspiring and
practicing privacy professionals.
• Glossary There are nearly 550 terms used in the privacy
profession.
• Practice exams The Appendix explains the online CDPSE
practice exam and TotalTester software accompanying this
book.

Information privacy is a big topic, and it depends heavily upon

sound information security practices. Many security and audit topics
are summarized in this book, and there are numerous references to
two other books that offer considerable depth in information security
and information systems audit:

• CISM Certified Information Security Manager All-In-One Exam

Guide
• CISA Certified Information Systems Auditor All-In-One Exam
Guide

Earning and Maintaining the CDPSE

Certification
In this section, I’m going to talk about

• What it means to be a Certified Data Privacy Solutions

Engineer (CDPSE) professional
• ISACA, its code of ethics, and its standards
• The certification process
• How to apply for the exam
• How to maintain your certification
• How to get the most from your CDPSE journey

Congratulations on choosing to become a Certified Data Privacy

Solutions Engineer! Whether you have worked for several years in
the field of privacy, or you have recently been introduced to the
world of privacy and information security, don’t underestimate the
hard work and dedication required to obtain and maintain CDPSE
certification. Although ambition and motivation are required, the
rewards can far exceed the effort.
You may not have imagined you would find yourself working in
the privacy world or looking to obtain a privacy certification. Perhaps
the explosion of privacy laws led to your introduction to this field. Or
possibly you have noticed that privacy-related career options are
increasing exponentially, and you have decided to get ahead of the
curve.
By selecting the CDPSE certification, you’re hitching your wagon
to the ISACA star. Founded in 1967, ISACA has more than 145,000
members and more than 100,000 professionals who have earned
one or more of its certifications: CISA (established in 1978), CISM
(established in 2002), CGEIT (established in 2007), and CRISC
(established in 2010). These certifications have won industry awards
too numerous to count. CDPSE will soon earn such awards. It’s hard
to find a professional certification organization with so many
accolades. Welcome to the journey and the amazing opportunities
that await you.
I have put together this information to help you further
understand the commitment you’ll need to prepare for the exam and
to maintain your certification. It is my wish to see you pass the exam
with flying colors, and in this book, I provide you with the
information and resources you need to maintain your certification
and to proudly represent yourself and the professional world of
privacy with your new credentials.
If you’re new to ISACA, I recommend you tour the organization’s
web site and become familiar with the available guides and
resources. Also, if you’re near one of the 200-plus local ISACA
chapters in more than 80 countries, consider taking part in the
activities and even reaching out to the chapter board for information
on local meetings, training days, conferences, and study sessions.
You may meet other privacy professionals who can give you
additional insight into the CDPSE certification and the privacy
profession.
CDPSE certification primarily focuses on privacy governance,
technical architecture, and data privacy management operations. It
certifies the individual’s knowledge of establishing information
privacy strategies, building and managing a privacy program, and
preparing for and responding to privacy incidents, and their
knowledge of information security. Organizations seek out qualified
personnel for assistance with developing and maintaining strong and
effective privacy programs. A CDPSE-certified individual is a great
candidate for this.

Benefits of CDPSE Certification

Obtaining the CDPSE certification offers several significant benefits:

• Expands knowledge and skills, and builds

confidence Developing knowledge and skills in privacy and
data protection, building and managing a privacy program, and
responding to privacy incidents can prepare you for
advancement or expand your scope of responsibilities. The
personal and professional achievement can boost confidence
that encourages you to move forward and seek new career
opportunities.
• Increases marketability and career options Because of
various legal and regulatory requirements, such as the Health
Insurance Portability and Accountability Act (HIPAA), Gramm-
Leach-Bliley Act (GLBA), the European General Data Protection
Regulation (GDPR), the California Consumer Privacy Act
(CCPA), and the California Privacy Rights Act (CPRA), demand
is growing for individuals with experience in developing and
running privacy programs. Besides, obtaining your CDPSE
certification demonstrates to current and potential employers
your willingness and commitment to improve your knowledge
and skills in privacy. Having a CDPSE certification can provide a
competitive advantage and open up many opportunities in
various industries and countries.
• Meets employment requirements Many government
agencies and organizations are requiring certifications for
positions involving privacy and information security. Although
the CDPSE certification is still somewhat new, it’s only a matter
of time before government agencies and the privacy industry
require a leading privacy certification for their privacy
professionals.
 • Builds customer confidence and international
credibility Prospective customers needing privacy work will
have faith that the quality of the strategies and execution are
in line with internationally recognized practices and standards.

Regardless of your current position, demonstrating knowledge

and experience in the areas of privacy can expand your career
options. The certification does not limit you to privacy or privacy
management; it can provide additional value and insight to those
currently holding or seeking the following positions:

• Executives such as chief privacy officers (CPOs), data

protection officers (DPOs), chief operating officers (COOs),
chief financial officers (CFOs), chief compliance officers
(CCOs), and chief information officers (CIOs)
• Records management executives and practitioners
• Marketing management executives and practitioners
• IT management executives such as chief information officers
(CIOs), chief technology officers (CTOs), directors, managers,
and staff
• Chief audit executives, audit partners, and audit directors
• Compliance executives and management
• Security and audit consultants

Finally, because privacy and cybersecurity are so closely related,

many cybersecurity leaders and professionals see their span of
responsibilities expanding to include privacy. Soon, cybersecurity
professionals lacking privacy certifications and experience may find
themselves disadvantaged in their organizations and in the
employment market.

Becoming a CDPSE Professional

Another random document with
no related content on Scribd:
 lawbreakers will now present himself in person before us
and accept of us our homage and good will, we will,
assuming him to be young and of agreeable manners,
accept him as the affiant of our daughter and prepare him
by education and training for her hand; or, failing that, and
he being a man of mature years, we will publicly accept
him as councillor of state and chiefest of our advisers. To
this end, that he may have full confidence in our word, we
have ordered that the third day of the seventh moon be
observed as a holiday, that a public feast be prepared and
that our people assemble before us in our great court.
Should this wisest of fugitives appear and declare himself
we will there publicly reaffirm and do as is here written and
accept him into our life and confidence. I have said it.
“‘Yianko I.’

“The caliph showed this to his daughter and she sighed, for full
well she knew that the caliph’s plan would prove vain—for had not
Abou said that he would return no more? But the caliph proceeded,
thinking this would surely bring about Abou’s capture.
“In the meantime in the land of Yemen, of which Abou was the
rightful heir, many things had transpired. His father, Kar-Shem,
having died and the wretched pretender, Bab-el-Bar, having failed
after a revolution to attain to Kar-Shem’s seat, confessed to the
adherents of Kar-Shem the story of the Prince Hussein’s abduction
and sale into slavery to a rug-merchant in Baghdad. In consequence,
heralds and a royal party were at once sent forth to discover
Hussein. They came to Baghdad and found the widow of Yussuf,
who told them of the many slaves Yussuf had owned, among them a
child named Hussein to whom they had given the name of Abou.
“And so, upon Abou’s return from ‘The Whispering Window,’ there
were awaiting him at the house of Mirza the representatives of his
own kingdom, who, finding him young and handsome and talented,
and being convinced by close questioning that he was really
Hussein, he was apprised of his dignity and worth and honored as
the successor of Kar-Shem in the name of the people of Yemen.
“And now Hussein (once Abou), finding himself thus ennobled,
bethought him of the beautiful Yanee and her love for him and his
undying love for her. Also he felt a desire to outwit the caliph in one
more contest. To this end he ordered his present entourage to
address the caliph as an embassy fresh from Yemen, saying that
having long been in search of their prince they had now found him,
and to request of him the courtesy of his good-will and present
consideration for their lord. The caliph, who wished always to be at
peace with all people, and especially those of Yemen, who were
great and powerful, was most pleased at this and sent a company of
courtiers to Hussein, who now dwelt with his entourage at one of the
great caravanseries of the city, requesting that he come forthwith to
the palace that he might be suitably entertained. And now Abou,
visiting the caliph in his true figure, was received by him in great
state, and many and long were the public celebrations ordered in his
honor.
“Among these was the holiday proclaimed by Yianko in order to
entrap Abou. And Yianko, wishing to amuse and entertain his guest,
told him the full history of the great thief and of his bootless efforts
thus far to take him. He admitted to Hussein his profound admiration
for Abou’s skill and ended by saying that should any one know how
Abou might be taken he would be willing to give to that one a place
in his council, or, supposing he were young and noble, the hand of
his daughter. At this Hussein, enticed by the thought of so winning
Yanee, declared that he himself would attempt to solve the mystery
and now prepared to appear as a fierce robber, the while he ordered
one of his followers to impersonate himself as prince for that day.
“The great day of the feast having arrived and criers having gone
through the streets of the city announcing the feast and the offer of
the caliph to Abou, there was much rejoicing. Long tables were set in
the public square, and flags and banners were strung. The beautiful
Yanee was told of her father’s vow to Hussein, but she trusted in
Abou and his word and his skill and so feared naught. At last, the
multitude having gathered and the caliph and his courtiers and the
false Hussein having taken their places at the head of the feast, the
caliph raised his hand for silence. The treasurer taking his place
upon one of the steps leading to the royal board, reread the
proclamation and called upon Abou to appear and before all the
multitude receive the favor of the caliph or be forever banned. Abou,
or Hussein, who in the guise of a fierce mountain outlaw had mingled
with the crowd, now came forward and holding aloft the pardon of
the caliph announced that he was indeed the thief and could prove it.
Also, that as written he would exact of the caliph his daughter’s
hand. The caliph, astounded that one so uncouth and fierce-seeming
should be so wise as the thief had proved or should ask of him his
daughter’s hand, was puzzled and anxious for a pretext on which he
might be restrained. Yet with all the multitude before him and his
word given, he scarce knew how to proceed or what to say. Then it
was that Yanee, concealed behind a lattice, sent word to her father
that this fierce soul was not the one who had come to her but an
impostor. The caliph, now suspecting treachery and more mischief,
ordered this seeming false Abou seized and bound, whereupon the
fictitious Hussein, masquerading in Hussein’s clothes, came forward
and asked for the bandit’s release for the reason that he was not a
true bandit at all but the true prince, whom they had sought far and
wide.
“Then the true Hussein, tiring of the jest and laying aside his
bandit garb, took his place at the foot of the throne and proceeded to
relate to Yianko the story of his life. At this the caliph, remembering
his word and seeing in Abou, now that he was the Prince of Yemen,
an entirely satisfactory husband for Yanee, had her brought forward.
Yanee, astonished and confused at being thus confronted with her
lost love, now become a Prince, displayed so much trepidation and
coquetry that the caliph, interested and amused and puzzled, was
anxious to know the cause. Whereupon Hussein told how he had
seen her passing his robber father’s bazaar on her way to Ish-Pari
and that he had ever since bemoaned him that he was so low in the
scale of life as not to be able to aspire to her hand yet now rejoiced
that he might make his plea. The caliph, realizing how true a
romance was here, now asked his daughter what might be her will,
to which she coyly replied that she had never been able to forget
Abou. Hussein at once reiterated his undying passion, saying that if
Yanee would accept him for her husband and the caliph as his son
he would there and then accept her as his queen and that their
nuptials should be celebrated before his return to his kingdom.
Whereupon the caliph, not to be outdone in gallantry, declared that
he would gladly accept so wise a prince, not only as his son by
marriage but as his heir, and that at his death both he and Yanee
were jointly to rule over his kingdom and their own. There followed
scenes of great rejoicing among the people, and Hussein and Yanee
rode together before them.
“And now, O my hearers,” continued Gazzar most artfully, although
his tale was done, “ye have heard how it was with Abou the
unfortunate, who came through cleverness to nothing but good—a
beautiful love, honor and wealth and the rule of two realms—
whereas I, poor wanderer that I am—”
But the company, judging that he was about to plead for more
anna, and feeling, and rightly, that for so thin a tale he had been paid
enough and to spare, arose and as one man walked away. Soudi
and Parfi denounced him as a thief and a usurer; and Gazzar,
counting his small store of anna and looking betimes at the shop of
Al Hadjaz, from which still came the odors of food, and then in the
direction of the caravan where lay the camels among which he must
sleep, sighed. For he saw that for all his pains he had not more than
the half of a meal and a bed and that for the morrow there was
nothing.
“By Allah,” he sighed, “what avails it if one travel the world over to
gather many strange tales and keep them fresh and add to them as
if by myrrh and incense and the color of the rose and the dawn, if by
so doing one may not come by so much as a meal or a bed?
Bismillah! Were it not for my withered arm no more would I trouble to
tell a tale!” And tucking his tambour into his rags he turned his steps
wearily toward the mosque, where before eating it was, as the Koran
commanded, that he must pray.

THE END
 Transcriber’s Notes
pg 106 Changed: He spoke of it to Cavanagh
to: He spoke of it to Cavanaugh
pg 107 Changed: could not be done so quicky
to: could not be done so quickly
pg 146 Changed: because she was desirious
to: because she was desirous
pg 233 Changed: as violent at it had ever been
to: as violent as it had ever been
pg 269 Changed: put in Mrs. Queeder explantorily
to: put in Mrs. Queeder explanatorily
pg 278 Changed: craned his neck as thought physically
to: craned his neck as though physically
pg 288 Changed: affairs whenever me met
to: affairs whenever we met
pg 330 Changed: Osterman to Greasdick and his find
to: Osterman to Greasadick and his find
pg 382 Changed: she turned abrutly to shopping
to: she turned abruptly to shopping
pg 386 Changed: least inpetuous pursuer
to: least impetuous pursuer
pg 390 Changed: sometimes whole segment spoiled
to: sometimes whole segments spoiled
pg 395 Changed: curious as to what was to fellow
to: curious as to what was to follow
pg 404 Changed: black as the wing of the uck
to: black as the wing of the duck
pg 411 Changed: place a cauldon of hot pitch
to: place a cauldron of hot pitch
pg 412 Changed: he drew his scimiter
to: he drew his scimitar
pg 418 Changed: thou wilt lower they veil
to: thou wilt lower thy veil
 *** END OF THE PROJECT GUTENBERG EBOOK CHAINS ***

Updated editions will replace the previous one—the old editions will
be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States copyright in
these works, so the Foundation (and you!) can copy and distribute it
in the United States without permission and without paying copyright
royalties. Special rules, set forth in the General Terms of Use part of
this license, apply to copying and distributing Project Gutenberg™
electronic works to protect the PROJECT GUTENBERG™ concept
and trademark. Project Gutenberg is a registered trademark, and
may not be used if you charge for an eBook, except by following the
terms of the trademark license, including paying royalties for use of
the Project Gutenberg trademark. If you do not charge anything for
copies of this eBook, complying with the trademark license is very
easy. You may use this eBook for nearly any purpose such as
creation of derivative works, reports, performances and research.
Project Gutenberg eBooks may be modified and printed and given
away—you may do practically ANYTHING in the United States with
eBooks not protected by U.S. copyright law. Redistribution is subject
to the trademark license, especially commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the free

distribution of electronic works, by using or distributing this work (or
any other work associated in any way with the phrase “Project
Gutenberg”), you agree to comply with all the terms of the Full
Project Gutenberg™ License available with this file or online at
www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand, agree
to and accept all the terms of this license and intellectual property
(trademark/copyright) agreement. If you do not agree to abide by all
the terms of this agreement, you must cease using and return or
destroy all copies of Project Gutenberg™ electronic works in your
possession. If you paid a fee for obtaining a copy of or access to a
Project Gutenberg™ electronic work and you do not agree to be
bound by the terms of this agreement, you may obtain a refund from
the person or entity to whom you paid the fee as set forth in
paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only be

used on or associated in any way with an electronic work by people
who agree to be bound by the terms of this agreement. There are a
few things that you can do with most Project Gutenberg™ electronic
works even without complying with the full terms of this agreement.
See paragraph 1.C below. There are a lot of things you can do with
Project Gutenberg™ electronic works if you follow the terms of this
agreement and help preserve free future access to Project
Gutenberg™ electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright law in
the United States and you are located in the United States, we do
not claim a right to prevent you from copying, distributing,
performing, displaying or creating derivative works based on the
work as long as all references to Project Gutenberg are removed. Of
course, we hope that you will support the Project Gutenberg™
mission of promoting free access to electronic works by freely
sharing Project Gutenberg™ works in compliance with the terms of
this agreement for keeping the Project Gutenberg™ name
associated with the work. You can easily comply with the terms of
this agreement by keeping this work in the same format with its
attached full Project Gutenberg™ License when you share it without
charge with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the terms
of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.

1.E. Unless you have removed all references to Project Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project Gutenberg™
work (any work on which the phrase “Project Gutenberg” appears, or
with which the phrase “Project Gutenberg” is associated) is
accessed, displayed, performed, viewed, copied or distributed:
 This eBook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this eBook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is derived

from texts not protected by U.S. copyright law (does not contain a
notice indicating that it is posted with permission of the copyright
holder), the work can be copied and distributed to anyone in the
United States without paying any fees or charges. If you are
redistributing or providing access to a work with the phrase “Project
Gutenberg” associated with or appearing on the work, you must
comply either with the requirements of paragraphs 1.E.1 through
1.E.7 or obtain permission for the use of the work and the Project
Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is posted

with the permission of the copyright holder, your use and distribution
must comply with both paragraphs 1.E.1 through 1.E.7 and any
additional terms imposed by the copyright holder. Additional terms
will be linked to the Project Gutenberg™ License for all works posted
with the permission of the copyright holder found at the beginning of
this work.

1.E.4. Do not unlink or detach or remove the full Project

Gutenberg™ License terms from this work, or any files containing a
part of this work or any other work associated with Project
Gutenberg™.

1.E.5. Do not copy, display, perform, distribute or redistribute this

electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1 with
active links or immediate access to the full terms of the Project
Gutenberg™ License.
1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if you
provide access to or distribute copies of a Project Gutenberg™ work
in a format other than “Plain Vanilla ASCII” or other format used in
the official version posted on the official Project Gutenberg™ website
(www.gutenberg.org), you must, at no additional cost, fee or expense
to the user, provide a copy, a means of exporting a copy, or a means
of obtaining a copy upon request, of the work in its original “Plain
Vanilla ASCII” or other form. Any alternate format must include the
full Project Gutenberg™ License as specified in paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,

performing, copying or distributing any Project Gutenberg™ works
unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or providing

access to or distributing Project Gutenberg™ electronic works
provided that:

• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”

• You provide a full refund of any money paid by a user who

notifies you in writing (or by e-mail) within 30 days of receipt that
s/he does not agree to the terms of the full Project Gutenberg™
License. You must require such a user to return or destroy all
 copies of the works possessed in a physical medium and
discontinue all use of and all access to other copies of Project
Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full refund of

any money paid for a work or a replacement copy, if a defect in
the electronic work is discovered and reported to you within 90
days of receipt of the work.

• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project Gutenberg™

electronic work or group of works on different terms than are set
forth in this agreement, you must obtain permission in writing from
the Project Gutenberg Literary Archive Foundation, the manager of
the Project Gutenberg™ trademark. Contact the Foundation as set
forth in Section 3 below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend

considerable effort to identify, do copyright research on, transcribe
and proofread works not protected by U.S. copyright law in creating
the Project Gutenberg™ collection. Despite these efforts, Project
Gutenberg™ electronic works, and the medium on which they may
be stored, may contain “Defects,” such as, but not limited to,
incomplete, inaccurate or corrupt data, transcription errors, a
copyright or other intellectual property infringement, a defective or
damaged disk or other medium, a computer virus, or computer
codes that damage or cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except

for the “Right of Replacement or Refund” described in paragraph
1.F.3, the Project Gutenberg Literary Archive Foundation, the owner
of the Project Gutenberg™ trademark, and any other party
distributing a Project Gutenberg™ electronic work under this
agreement, disclaim all liability to you for damages, costs and
expenses, including legal fees. YOU AGREE THAT YOU HAVE NO
REMEDIES FOR NEGLIGENCE, STRICT LIABILITY, BREACH OF
WARRANTY OR BREACH OF CONTRACT EXCEPT THOSE
PROVIDED IN PARAGRAPH 1.F.3. YOU AGREE THAT THE
FOUNDATION, THE TRADEMARK OWNER, AND ANY
DISTRIBUTOR UNDER THIS AGREEMENT WILL NOT BE LIABLE
TO YOU FOR ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL,
PUNITIVE OR INCIDENTAL DAMAGES EVEN IF YOU GIVE
NOTICE OF THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you

discover a defect in this electronic work within 90 days of receiving it,
you can receive a refund of the money (if any) you paid for it by
sending a written explanation to the person you received the work
from. If you received the work on a physical medium, you must
return the medium with your written explanation. The person or entity
that provided you with the defective work may elect to provide a
replacement copy in lieu of a refund. If you received the work
electronically, the person or entity providing it to you may choose to
give you a second opportunity to receive the work electronically in
lieu of a refund. If the second copy is also defective, you may
demand a refund in writing without further opportunities to fix the
problem.

1.F.4. Except for the limited right of replacement or refund set forth in
paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied

warranties or the exclusion or limitation of certain types of damages.
If any disclaimer or limitation set forth in this agreement violates the
law of the state applicable to this agreement, the agreement shall be
interpreted to make the maximum disclaimer or limitation permitted
by the applicable state law. The invalidity or unenforceability of any
provision of this agreement shall not void the remaining provisions.
1.F.6. INDEMNITY - You agree to indemnify and hold the
Foundation, the trademark owner, any agent or employee of the
Foundation, anyone providing copies of Project Gutenberg™
electronic works in accordance with this agreement, and any
volunteers associated with the production, promotion and distribution
of Project Gutenberg™ electronic works, harmless from all liability,
costs and expenses, including legal fees, that arise directly or
indirectly from any of the following which you do or cause to occur:
(a) distribution of this or any Project Gutenberg™ work, (b)
alteration, modification, or additions or deletions to any Project
Gutenberg™ work, and (c) any Defect you cause.

Section 2. Information about the Mission of

Project Gutenberg™
Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new computers.
It exists because of the efforts of hundreds of volunteers and
donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the

assistance they need are critical to reaching Project Gutenberg™’s
goals and ensuring that the Project Gutenberg™ collection will
remain freely available for generations to come. In 2001, the Project
Gutenberg Literary Archive Foundation was created to provide a
secure and permanent future for Project Gutenberg™ and future
generations. To learn more about the Project Gutenberg Literary
Archive Foundation and how your efforts and donations can help,
see Sections 3 and 4 and the Foundation information page at
www.gutenberg.org.

Section 3. Information about the Project

Gutenberg Literary Archive Foundation
The Project Gutenberg Literary Archive Foundation is a non-profit
501(c)(3) educational corporation organized under the laws of the
state of Mississippi and granted tax exempt status by the Internal
Revenue Service. The Foundation’s EIN or federal tax identification
number is 64-6221541. Contributions to the Project Gutenberg
Literary Archive Foundation are tax deductible to the full extent
permitted by U.S. federal laws and your state’s laws.

The Foundation’s business office is located at 809 North 1500 West,

Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up
to date contact information can be found at the Foundation’s website
and official page at www.gutenberg.org/contact

Section 4. Information about Donations to

the Project Gutenberg Literary Archive
Foundation
Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission of
increasing the number of public domain and licensed works that can
be freely distributed in machine-readable form accessible by the
widest array of equipment including outdated equipment. Many small
donations ($1 to $5,000) are particularly important to maintaining tax
exempt status with the IRS.

The Foundation is committed to complying with the laws regulating

charities and charitable donations in all 50 states of the United
States. Compliance requirements are not uniform and it takes a
considerable effort, much paperwork and many fees to meet and
keep up with these requirements. We do not solicit donations in
locations where we have not received written confirmation of
compliance. To SEND DONATIONS or determine the status of
compliance for any particular state visit www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states where

we have not met the solicitation requirements, we know of no
prohibition against accepting unsolicited donations from donors in
such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot make

any statements concerning tax treatment of donations received from
outside the United States. U.S. laws alone swamp our small staff.

Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.

Section 5. General Information About Project

Gutenberg™ electronic works
Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could be
freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose network of
volunteer support.

Project Gutenberg™ eBooks are often created from several printed

editions, all of which are confirmed as not protected by copyright in
the U.S. unless a copyright notice is included. Thus, we do not
necessarily keep eBooks in compliance with any particular paper
edition.

Most people start at our website which has the main PG search
facility: www.gutenberg.org.

This website includes information about Project Gutenberg™,

including how to make donations to the Project Gutenberg Literary
Archive Foundation, how to help produce our new eBooks, and how
to subscribe to our email newsletter to hear about new eBooks.