The Cybersecurity Body of

Knowledge-The ACM/IEEE/AIS/IFIP
Recommendations for a Complete
Curriculum in Cybersecurity 1st Edition
Daniel Shoemaker
Visit to download the full and correct content document:
https://textbookfull.com/product/the-cybersecurity-body-of-knowledge-the-acm-ieee-ai
s-ifip-recommendations-for-a-complete-curriculum-in-cybersecurity-1st-edition-daniel-
shoemaker-2/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

The Cybersecurity Body of Knowledge-The

ACM/IEEE/AIS/IFIP Recommendations for a Complete
Curriculum in Cybersecurity 1st Edition Daniel
Shoemaker
https://textbookfull.com/product/the-cybersecurity-body-of-
knowledge-the-acm-ieee-ais-ifip-recommendations-for-a-complete-
curriculum-in-cybersecurity-1st-edition-daniel-shoemaker-2/

Implementing Cybersecurity: A Guide to the National

Institute of Standards and Technology Risk Management
Framework 1st Edition Dan Shoemaker

https://textbookfull.com/product/implementing-cybersecurity-a-
guide-to-the-national-institute-of-standards-and-technology-risk-
management-framework-1st-edition-dan-shoemaker/

Tribe of Hackers Blue Team: Tribal Knowledge from the

Best in Defensive Cybersecurity Marcus J. Carey

https://textbookfull.com/product/tribe-of-hackers-blue-team-
tribal-knowledge-from-the-best-in-defensive-cybersecurity-marcus-
j-carey/

Tribe Of Hackers Security Leaders: Tribal Knowledge

From The Best In Cybersecurity Leadership Marcus J.
Carey

https://textbookfull.com/product/tribe-of-hackers-security-
leaders-tribal-knowledge-from-the-best-in-cybersecurity-
leadership-marcus-j-carey/
Cyberjutsu Cybersecurity for the Modern Ninja 1st
Edition Ben Mccarty

https://textbookfull.com/product/cyberjutsu-cybersecurity-for-
the-modern-ninja-1st-edition-ben-mccarty/

Cybersecurity For Dummies 1st Edition Joseph Steinberg

https://textbookfull.com/product/cybersecurity-for-dummies-1st-
edition-joseph-steinberg/

Cybersecurity for beginners Second Edition Meeuwisse

https://textbookfull.com/product/cybersecurity-for-beginners-
second-edition-meeuwisse/

CyberBRICS Cybersecurity Regulations In The BRICS

Countries Luca Belli

https://textbookfull.com/product/cyberbrics-cybersecurity-
regulations-in-the-brics-countries-luca-belli/

Digital defense a cybersecurity primer Pelton

https://textbookfull.com/product/digital-defense-a-cybersecurity-
primer-pelton/
The Cybersecurity
Body of Knowledge
 Internal Audit and IT Audit
The scope and mandate for internal audit continues to evolve each
year, as does the complexity of the business environment and speed of
the changing risk landscape in which it must operate.
The fundamental goal of this exciting new series is to produce
leading-edge books on critical subjects facing audit executives as well
as internal and IT audit practitioners.
Key topics that will be addressed over the coming years include
Audit Leadership, Cybersecurity, Strategic Risk Management,
Auditing Various IT Activities and Processes, Audit Management,
and Operational Auditing.
If you’re interested in submitting a proposal for a book to be
included in the series, please email Gabriella.Williams@tandf.co.uk
Series Editor:
Dan Swanson

Project Management Capability Assessment: Performing ISO 33000-

Based Capability Assessments of Project Management
Peter T. Davis and Barry D. Lewis
Auditor Essentials: 100 Concepts, Tips, Tools, and
Techniques for Success
Hernan Murdock
How to Build a Cyber-Resilient Organization
Daniel Shoemaker, Anne Kohnke, and Ken Sigler
Fraud Auditing Using CAATT: A Manual for Auditors and Forensic
Accountants to Detect Organizational Fraud
Shaun Aghili
Managing IoT Systems for Institutions and Cities
Chuck Benson
The Audit Value Factor
Daniel Samson

For more information about this series, please visit https://

w w w.crcpress.com/Internal-Audit-and-IT-Audit/book-series/
CRCINTAUDITA
 The Cybersecurity
Body of Knowledge
The ACM/IEEE/AIS/IFIP
Recommendations for a Complete
Curriculum in Cybersecurity

Daniel Shoemaker, Anne Kohnke,

and Ken Sigler
CRC Press
Taylor & Francis Group
52 Vanderbilt Avenue,
New York, NY 10017

© 2020 by Taylor & Francis Group, LLC

CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Printed on acid-free paper

International Standard Book Number-13: 978-0-367-90094-6 (Hardback)

This book contains information obtained from authentic and highly regarded sources.
Reasonable efforts have been made to publish reliable data and information, but the
author and publisher cannot assume responsibility for the validity of all materials or the
consequences of their use. The authors and publishers have attempted to trace the copyright
holders of all material reproduced in this publication and apologize to copyright holders if
permission to publish in this form has not been obtained. If any copyright material has not
been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted,
reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other
means, now known or hereafter invented, including photocopying, microfilming, and
recording, or in any information storage or retrieval system, without written permission
from the publishers.

For permission to photocopy or use material electronically from this work, please access
www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance
Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a
not-for-profit organization that provides licenses and registration for a variety of users. For
organizations that have been granted a photocopy license by the CCC, a separate system of
payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered

trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at

http://www.taylorandfrancis.com

and the CRC Press Web site at

http://www.crcpress.com
Contents

Fo re wo rd 1 xvii
Fo re wo rd 2 xxi
Author Bio g r Aphies xxv
I

Introduction: The Current Situation Is Out of Control 1

The Challenge: How Do You Protect Something that
Doesn’t Actually Exist? 3
We Must Re-evaluate Our Assumptions 5
The Adversary Changes Things 7
The Three-Legged Stool 9
Learning to Play Better with Others 11
Creating a Holistic Solution 11
The Importance of Knowing What to Do 12
Enabling Common Understanding 12
Education Is the Key 13
The Body of Knowledge and Educational Strategy 14
Cybersecurity as an Academic Study 16
The Association for Computing Machinery (ACM) 16
The International Society of Electrical and Electronic
Engineers (IEEE) 17
The Association for Information Systems (AIS) 17
The International Federation for Information Processing
(IFIP) 18

v
vi C o n t en t s

The Importance of Unified Recommendations about Areas

of Vital Interest 18
Circumscribing the Field: Background and Intention of
CC2005 19
Defining the Elements of the Discipline of Cybersecurity:
CSEC2017 22
Knowledge Area One: Data Security 23
Knowledge Area Two: Software Security 24
Knowledge Area Three: Component Security 24
Knowledge Area Four: Connection Security 25
Knowledge Area Five: System Security 25
Knowledge Area Six: Human Security 26
Knowledge Area Seven: Organizational Security 26
Knowledge Area Eight: Societal Security 27
Real-World Utilization of the CSEC2017 Body of Knowledge 28
CSEC2017 Framework Areas of Application 29
Thirty Review Questions: Introduction to the CSEC
Standard 32
You Might Also Like to Read 33
Chapter Summary 34
Keywords 35
References 36

C
Bodies of Knowledge Are Essential Tools in Educational
Settings 39
Bodies of Knowledge 40
Making Cybersecurity Teaching Real 42
Validating Curricular Concepts 43
Applying the CSEC2017 45
The CSEC2017 Model 48
The CSEC2017 Organization 52
The CSEC2017 Implementation Process 54
Knowledge Area One: Data Security 56
Knowledge Area Two: Software Security 58
Knowledge Area Three: Component Security 62
Knowledge Area Four: Connection Security 64
Knowledge Area Five: System Security 68
Knowledge Area Six: Human Security 70
Knowledge Area Seven: Organizational Security 74
Knowledge Area Eight: Societal Security 78
Twenty Review Questions: The Cybersecurity Body of
Knowledge 81
You Might Also Like to Read 82
Chapter Summary 82
Keywords 84
References 85
C o n t en t s vii

C
viii C o n t en t s

Data Erasure 143

Data Masking 145
Database Security 145
Data Security Law 146
Chapter Review Questions 147
You Might Also Like to Read 149
Chapter Summary 150
Learning Objectives for the Data Security Knowledge Area 151
Keywords 152
References 153

chApter 4 s o F t wA r e s e c u r i t y 155
Building Pathways toward Software Security 155
The CSEC2017 Software Security Knowledge Units 156
Knowledge Unit One: Fundamental Principles 158
Least Privilege 159
Fail-Safe Defaults 160
Complete Mediation 160
Separation of Duties 161
Minimize Trust 161
Economy of Mechanism 162
Minimize Common Mechanism 163
Least Astonishment 163
Open Design 164
Layering 164
Abstraction 166
Modularity 167
Complete Linkage 168
Design for Iteration 169
Knowledge Unit Two: Design 169
Derivation of Security Requirements 170
Specification of Security Requirements 172
Software Development Life Cycle/Security
Development Life Cycle 173
Programming Languages and Type-Safe Languages 175
Knowledge Unit Three: Implementation 176
Validating Input and Checking Its Representation 177
Using API’s Correctly 178
Using Security Features 179
Checking Time and State Relationships 180
Handling Exceptions and Errors Properly 180
Programming Robustly 181
Encapsulating Structures and Modules 183
Taking Environment into Account 183
Knowledge Unit Four: Analysis and Testing 184
Static and Dynamic Analysis 185
Unit Testing 186
 C o n t en t s ix

Integration Testing 186

Software Testing 187
Knowledge Unit Five: Deployment and Maintenance 187
Configuring 190
Patching and the Vulnerability Life Cycle 191
Checking Environment 192
DevOps 192
Decommissioning and Retiring 193
Knowledge Unit Six: Documentation 194
Installation Documents 196
User Guides and Manuals 197
Assurance Documentation 199
Security Documentation 199
Knowledge Unit Seven: Ethics 201
Ethical Issues in Software Development 202
Social Aspects of Software Development 204
Legal Aspects of Software Development 204
Vulnerability Disclosure 205
What, When, and Why to Test 206
Twenty Review Questions for This Chapter 207
You Might Also Like to Read 208
Chapter Summary 209
Learning Objectives for the Component Security
Knowledge Area 210
Keywords 211
Reference 212

chApter 5 component securit y 213

It All Starts with the Components 213
The CSEC2017 Component Security Knowledge Units 217
Knowledge Unit One: Component Design 219
Component Design Security 221
Principles of Secure Component Design 224
Component Identification 229
Anti-reverse Engineering Techniques 230
Side Channel Attack Mitigation 231
Anti-tamper Technologies 232
Knowledge Unit Two: Component Procurement 233
Supply Chain Risks 235
Supply Chain Security 236
Supplier Vetting 238
Knowledge Unit Three: Component Testing 239
Principles of Unit Testing 241
Security Testing 242
Stress Testing 243
Fuzz Testing 243
Penetration Tests 244
x C o n t en t s

Knowledge Unit Four: Component Reverse Engineering 244

Design Reverse Engineering 246
Hardware Reverse Engineering 247
Software Reverse Engineering 249
Forty Review Questions: Component Security 250
You Might Also Like to Read 251
Chapter Summary 252
Learning Objectives for the Component Security
Knowledge Area 258
Keywords 259
Reference 259

chApter 6 connection securit y 261

Introduction: The Challenge of Connecting the Enterprise 261
The CSEC Connection Security Knowledge Areas 264
Knowledge Unit One: Physical Media 265
Transmission in a Medium 267
Shared and Point-to-Point Media 268
Sharing Models 269
Common Technologies 271
Knowledge Unit Two: Physical Interfaces and Connectors 274
Hardware Characteristics and Materials 274
Standards 276
Common Connectors 277
Knowledge Unit Three: Hardware Architecture 279
Standard Architectures 280
Hardware Interface Standards 281
Common Architectures 282
Knowledge Unit Four: Distributed Systems Architecture 284
Network Architectures, General Concepts 286
World Wide Web 287
The Internet 288
Protocols and Layering 290
High Performance Computing (Supercomputers) 291
Hypervisors and Cloud Computing Implementations 292
Vulnerabilities 293
Knowledge Unit Five: Network Architecture 294
General Concepts 296
Common Architectures 297
Forwarding 298
Routing 299
Switching/Bridging 300
Emerging Trends 301
Virtualization and Virtual Hypervisor Architecture 302
Knowledge Unit Six: Network Implementations 302
IEEE 802/ISO Networks 303
IETF Networks and TCP/IP 304
 C o n t en t s xi

Practical Integration and Glue Protocols 305

Vulnerabilities and Example Exploits 306
Knowledge Unit Seven: Network Services 307
Concept of a Service 308
Service Models (Client–Server, Peer to Peer) 309
Service Protocols and Concepts (IPC, APIs, IDLs) 309
Common Service Communication Architectures 310
Service Virtualization 311
Vulnerabilities and Example Exploits 312
Knowledge Unit Eight: Network Defense 313
Network Hardening 314
Implementing Firewalls and Virtual Private Networks
(VPNs) 316
Defense in Depth 317
Honeypots and Honeynets 318
Network Monitoring 319
Network Traffic Analysis 319
Minimizing Exposure (Attack Surface and Vectors) 320
Network Access Control (Internal and External) 321
Perimeter Networks/Proxy Servers 322
Network Policy Development and Enforcement 323
Network Operational Procedures 323
Network Attacks 324
Threat Hunting and Machine Learning 327
Twenty Review Questions: Connection Security 329
You Might Also Like to Read 330
Chapter Summary 331
Learning Objectives for the Connection Security
Knowledge Area 333
Keywords 334
References 335

chApter 7 sys te m s ecu rit y 337

Assembling the Parts into a Useful Whole 337
The Key Role of Design in Systems 338
The CSEC2017 System Security Knowledge Units 340
Knowledge Unit One: System Thinking 342
What Is a System? 344
What Is Systems Engineering? 346
Security of General-Purpose Systems 346
Security of Special-Purposes Systems 347
Threat Models 348
Requirements Analysis 348
Fundamental Principles 349
Development for Testing 351
Knowledge Unit Two: System Management 351
Policy Models 353
x ii C o n t en t s

Policy Composition 353

Use of Automation 354
Patching and the Vulnerability Life Cycle 354
Operation 355
Commissioning and Decommissioning 357
Insider Threat 357
Documentation 357
Systems and Procedures 358
Knowledge Unit Three: System Access 358
Authentication Methods 360
Identity 360
Knowledge Unit Four: System Control 361
Access Control 362
Authorization Models 363
Intrusion Detection 365
Defenses 366
Audit 367
Malware 367
Vulnerability Models 368
Penetration Testing 368
Vulnerability Mapping 369
Forensics 369
Recovery Resilience 370
Knowledge Unit Five: System Retirement 370
Decommissioning 371
Knowledge Unit Six: System Testing 372
Validating Requirements 373
Validating Composition of Components 374
Unit versus System Testing 374
Formal Verification of Systems 375
Knowledge Unit Seven: Common System Architectures 376
Internet of Things (IoT) 378
Embedded Systems 378
Mobile Systems 378
Autonomous Systems 379
General-Purpose Systems 380
Seventy Review Questions: System Security 380
You Might Also Like to Read 383
Chapter Summary 384
Learning Objectives for the Component Security
Knowledge Area 389
Keywords 391
References 391

chApter 8 humAn securit y 393

Human-Centered Threats 393
Ensuring Disciplined Practice 394
 C o n t en t s x iii

The Challenging Case of Human Behavior 395

The CSEC2017 Human Security Knowledge Units 397
Knowledge Unit One: Identity Management 398
Identification and Authentication of People and Devices 400
Physical Asset Control 400
Identity as a Service (IDaaS) 401
Third-Party Identity Services 401
Access Control Attacks and Mitigation Measures 402
Knowledge Unit Two: Social Engineering 402
Types of Social Engineering Attacks 403
Psychology of Social Engineering Attacks 404
Misleading Users 405
Detection and Mitigation of Social Engineering Attacks 405
Knowledge Unit Three: Personal Compliance 406
System Misuse and User Misbehavior 409
Enforcement and Rules of Behavior 410
Proper Behavior under Uncertainty 411
Knowledge Unit Four: Awareness and Understanding 412
Cyber Hygiene 413
Cybersecurity User Education 414
Cyber Vulnerabilities and Threats Awareness 415
Knowledge Unit Five: Social and Behavioral Privacy 415
Social Theories of Privacy 417
Social Media Privacy and Security 417
Knowledge Unit Six: Personal Data Privacy and Security 418
Sensitive Personal Data 420
Personal Tracking and Digital Footprint 421
Knowledge Unit Seven: Usable Security and Privacy 422
Usability and User Experience 422
Human Security Factors 423
Policy Awareness and Understanding 423
Privacy Policy 424
Design Guidance and Implications 424
Seventy Review Questions: Human Security 425
You Might Also Like to Read 428
Chapter Summary 430
Learning Objectives for the Human Security
Knowledge Area 431
Keywords 433
References 434

chApter 9 o r g A n i z At i o n A l s e c u r i t y 435
Introduction Securing the Entire Enterprise 435
Integrating the Elements of Cybersecurity into an Applied
Solution 436
The CSEC2017 Organizational Security Knowledge Units 439
Knowledge Area One: Risk Management 440
xiv C o n t en t s

Risk Identification 443

Risk Assessment and Analysis 443
Insider Threats 444
Risk Measurement and Evaluation Models and
Methodologies 444
Risk Control 446
Knowledge Area Two: Security Governance and Policy 446
Organizational Context 447
Privacy 448
Laws, Ethics, and Compliance 449
Security Governance 450
Executive- and Board-Level Communication 451
Managerial Policy 452
Knowledge Area Three: Analytical Tools 452
Performance Measurements (Metrics) 454
Data Analytics 454
Security Intelligence 455
Knowledge Unit Four: Systems Administration 455
Operating System Administration 457
Database System Administration 458
Network Administration 459
Cloud Administration 460
Cyber-Physical System Administration 460
System Hardening 462
Availability 462
Knowledge Area Five: Cybersecurity Planning 463
Strategic Planning 464
Operational and Tactical Management 465
Knowledge Unit Six: Business Continuity, Disaster
Recovery, and Incident Management 466
Incident Response 468
Disaster Recovery 468
Business Continuity 470
Knowledge Unit Seven: Security Program Management 471
Project Management 472
Resource Management 473
Security Metrics 474
Quality Assurance and Quality Control 475
Knowledge Unit Eight: Personnel Security 476
Security Awareness, Training, and Education 477
Security Hiring Practices 478
Security Termination Practices 479
Third-Party Security 480
Security in Review Processes 480
Special Issue in Privacy of Employee Personal Information 481
Knowledge Unit Nine: Security Operations 481
Security Convergence 483
 C o n t en t s xv

Global Security Operations Centers (GSOCs) 484

Forty Review Questions: Organizational Security 485
You Might Also Like to Read 487
Additional Web Resources 487
Chapter Summary 488
Learning Objectives for the Organizational Security
Knowledge Area 493
Keywords 495
References 495

c h A p t e r 10 s o c i e tA l s e c u r i t y 497
Security and Worldwide Connectivity 497
Virtual Behavior and Diversity 498
Three Large-Scale Security Concerns: Why We Need
Societal Security 499
The CSEC2017 and the Profession 501
The CSEC2017 Societal Security Knowledge Units 503
Knowledge Unit One: Cybercrime 504
Cybercriminal Behavior 505
Cyberterrorism 508
Cybercriminal Investigation 509
Economics of Cybercrime 510
Knowledge Unit Two: Cyber Law 511
Constitutional Foundations of Cyber Law 512
Intellectual Property Related to Cybersecurity 515
Privacy Laws 517
Data Security Law 518
Computer Hacking Laws 519
Digital Evidence 520
Digital Contracts 521
Multinational Conventions (Accords) 523
Cross-Border Privacy and Data Security Laws 524
Knowledge Unit Three: Cyber Ethics 525
Defining Ethics 527
Professional Ethics and Codes of Conduct 528
Ethics and Equity/Diversity 530
Ethics and Law 530
Special Areas of Ethics: Robotics, War, and “Ethical”
Hacking 531
Knowledge Unit Four: Cyber Policy 532
International Cyber Policy 534
U.S. Federal Cyber Policy 535
Global Impact 536
Cybersecurity Policy and National Security 537
National Economic Implications of Cybersecurity 538
New Adjacencies to Diplomacy 538
Knowledge Unit Five: Privacy 539
xvi C o n t en t s

Defining Privacy 541

Privacy Rights 541
Safeguarding Privacy 542
Privacy Norms and Attitudes 543
Privacy Breaches 544
Privacy in Societies 545
Fifty Review Questions: Societal Security 546
You Might Also Like to Read 548
Chapter Summary 549
Learning Objectives for the Human Security Knowledge
Area 552
Keywords 553
References 554
index 555
Foreword 1

I have great pleasure in writing this foreword. I have worked with

Dan, Anne, and Ken over the past six years as this amazing team
has written six books for my book collection initiative. Their newest
effort, The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP
Recommendations for a Complete Curriculum in Cybersecurity, brings
together a comprehensive understanding of cybersecurity and should
be on the book shelf of every professor, student, and practitioner.
Right now, the study of cybersecurity is pretty much in the eye of
the beholder. This is the case because the number of interpretations
about what ought to be taught is only limited by the number of per-
sonal agendas out there in the field.
Through discussion with the team, I’ve learned that every well-
established discipline of scholarship and practice has gone through
the process of research, extensive discussions, formation of communi-
ties of practice, and thought leadership to continually build the body
of knowledge. Over time, diverse voices put forth ideas, concepts,
theories, and empirical evidence to advance the thinking, and in every
discipline, there comes a time when thought leadership establishes
generally accepted standards based on a comprehensive view of the
body of knowledge.
I believe that time has come for the discipline of cybersecurity.

x vii
x viii F o re w o rd 1

Beginning with a narrow focus on computer security, the disci-

pline has advanced tremendously and has accurately become known
as a fundamentally computing-based discipline that involves people,
information, technology, and processes. Additionally, as the threat
environment continues to expand, due to the expanse of global cyber
infrastructure, the interdisciplinary nature of the field includes aspects
of ethics, law, risk management, human factors, and policy. The grow-
ing need to protect not just corporate information and intellectual
property but also to maintain national security has created a demand
for specialists, across a range of work roles, with the knowledge of the
complexities of holistically assuring the security of systems. A vision
of proficiency in cybersecurity that aligns with industry needs and
involves a broad global audience of stakeholders was needed to provide
stability and an understanding of the boundaries of the discipline.
The formation of the CSEC2017 Joint Task Force – involving
four major international computing societies: the Association of
Computing Machinery (ACM), the IEEE Computer Society (IEEE
CS), the Association for Information Systems Special Interest
Group on Information Security and Privacy (AIS SIGSEC), and
the International Federation for Information Processing Technical
Committee on Information Security Education (IFIP WG 11.8) –
came together to publish the single commonly accepted guidelines for
cybersecurity curriculum (The CSEC2017 Report). The CSEC2017
Report has produced a thought model and structure in which the
comprehensive discipline of cybersecurity can be understood. With
this understanding, development within academic institutions and
industry can prepare a wide range of programs that are grounded in
fundamental principles.
This book explains the process by which the CSEC2017 was for-
mulated, its pedigree, and then it discusses the knowledge units of
each of the eight knowledge area categories of the field in detail. Upon
reading this book, the reader will understand the knowledge that is
required as well as a basic understanding of the application and pur-
pose of each of these myriad elements.
I have studied the various chapters and believe the seamless flow
of the content will be beneficial to all readers. The extensive use of
visuals greatly improves the readability as well as supports a better
understanding of the extensive number of knowledge topics that are
 F o re w o rd 1 xix

involved. While knowledge knows no end, dissemination and shar-

ing of knowledge are critical in today’s world. I believe this book will
help form the foundation of a comprehensive and generally accepted
cybersecurity body of knowledge and I congratulate the team on their
work and their amazing result.
Dan Swanson
Series Editor
Taylor & Francis
Taylor & Francis Group
http://taylorandfrancis.com
Foreword 2

Cybersecurity is professionalizing. As a field, it has spawned from

technical disciplines where it is an increasingly difficult fit, given its
increasingly interdisciplinary nature. What started as a one-size-fits-
all subject, about mitigating vulnerabilities in information systems, is
now expected to cover the range of topics that a Chief Information
Security Officer must consider when building an approach to keeping
information safe within an organization. This not only includes the
technical tools but also things such as policy, procedures, awareness
training, audit, compliance, law, and privacy. These subjects clearly
go beyond computer science or electrical engineering where students
learn to build and apply cybersecurity system components.
Add to this challenge the fact that cybersecurity is evolving quickly.
No sooner is a book published than it begins to become out of date!
What a challenge for academics and practitioners alike to stay current!
And if cybersecurity is becoming a profession like medicine or law,
how difficult it becomes to ensure that employers in different parts of
the country know what knowledge is in the minds of the cybersecu-
rity expertise they hire. These are employees they are entrusting with
the very life blood of their organizations, their information. There is a
reason practitioners refer to the “crown jewels” of the company when
they identify their most sensitive and valuable data.

xxi
x x ii F o re w o rd 2

With Snowden’s and the Manning’s raising awareness of how vul-

nerable an organization’s information can be, how big the impacts if
compromised, we need to ensure that those we hire to protect it have
the knowledge, experience, integrity, and maturity to warrant trust.
Hence, the effort to professionalize the field. We’re seeing the emer-
gence of codes of conduct, internship programs, certification testing,
and standard curricula—all hallmarks of a profession.
Educational standards are at the very heart of any professional dis-
cipline. We need to know what those we hire know. Using medicine
as an example, we have comfort that no matter what medical school
a doctor attends, the basic curriculum is the same and we have board
exams and accreditations for verification. Likewise, we need to have
the same for cybersecurity, a practice that, if not performed well,
could cripple infrastructure, bring down cities, and even cause deaths
in the case of medical devices that are increasingly relied upon, yet are
exposed online.
My colleagues Daniel Shoemaker, Anne Kohnke, and Ken Sigler
have been working on standardization of cybersecurity curriculum for
years – first in support of the NSA’s efforts to specify what they need
in a cybersecurity professional through their NIETP organization
which created, working with NIST, the beginnings of educational
standards and then through the various evolutions as DHS, profes-
sional organizations, certifications have made their contributions.
As the ACM has stepped up to creating cybersecurity education
guidelines that invite other countries to help define them, it’s time
to acknowledge the development of what is becoming a set of edu-
cational standards that cybersecurity professionals around the world
are acknowledging. With their book, the authors are presenting the
case for educational standards as an important part of the emerging
profession of cybersecurity.
I remember not too long ago when an HR executive from a large
company in my region expressed frustration that advertising for
cybersecurity expertise was not enough. You need to know what sub-
discipline candidates know and what knowledge base they have in
their minds so you can hire appropriately. Since that conversation,
NIST/NICE, NSA, DHS, and ACM have wrestled with defining
the field. The author’s contribution is to synthesize this history and
 F o re w o rd 2 x x iii

make the case for reliable educational standards that are the founda-
tion of any profession.
Knowing the authors as I do, I can think of no others who could
better make this case and also identify the appropriate time – now –
to do so. This is an important contribution to the evolution of the
cybersecurity profession to the next step – a profession like any other.
This is an exciting time to be in this field. I thank the authors for
their efforts.
Barbara Endicott-Popovsky, PhD
Professor and Executive Director,
Center for Information Assurance and Cybersecurity
University of Washington;
Editor in Chief,
Colloquium for Information Systems Security Educators (CISSE) Journal
Taylor & Francis
Taylor & Francis Group
http://taylorandfrancis.com
Author Biographies

Daniel Shoemaker, PhD, is full professor, senior research scientist,

and program director at the University of Detroit Mercy’s Center for
Cyber Security and Intelligence Studies. Dan is a former chair of the
Cybersecurity & Information Systems Department and has authored
numerous books and journal articles focused on cybersecurity.

Anne Kohnke, PhD, is an associate professor of cybersecurity and

the principle investigator of the Center for Academic Excellence in
Cyber Defense at the University of Detroit Mercy. Anne’s research
is focused in cybersecurity, risk management, threat modeling, and
mitigating attack vectors.

Ken Sigler is a faculty member of the Computer Information Systems

(CIS) program at the Auburn Hills Campus of Oakland Community
College in Michigan. Ken’s research is in the areas of software man-
agement, software assurance, and cybersecurity.

xxv
Taylor & Francis
Taylor & Francis Group
http://taylorandfrancis.com
Introduction

The Vital Need for Common Agreement

Every profession is built around formal agreement about the under-

lying knowledge of the field. This agreement serves as the point of
departure for building an academic discipline. In the case of the dis-
cipline of cybersecurity, there has never been a definitive, commonly
accepted standard of the critical elements of the field. The purpose of
the CSEC2017 Report (referred to as CSEC2017 for the remainder
of the book) is to provide an authoritative standard.
The CSEC2017 is built around the assumption that there is a
responsibility to specifically articulate what constitutes the field of
cybersecurity. The goal of the CSEC2017 is to detail the communal
knowledge areas and their constituent knowledge elements. In service
of this, the CSEC2017 states and clarifies the separate educational
elements of cybersecurity and their interrelationships to each other
in professional practice. Each individual knowledge area is different
in its focus and aims. Therefore, these disparate knowledge require-
ments need to be integrated into a single strategic infrastructure that
amounts to a comprehensive definition of the field. The value of a
single unified definition is that it provides the depth of understanding
necessary to ensure complete, in-depth solutions.

x x vii
x x viii In t r o d u c ti o n

CSEC2017 focuses on the definition of a set of standard knowl-

edge elements rather than the usual teaching and learning issues. In
essence, the CSEC 2017 provides a complete conceptual structure
containing every knowledge element that is considered to be germane
to the study of cybersecurity. The CSEC2017 Report essentially doc-
uments and interrelates all of the necessary learning elements into
a single common definition of the discipline cybersecurity and is
one of the two groundbreaking aspects of this project. The other is
that CSEC2017 provides a comprehensive roadmap for teaching and
learning holistic cybersecurity.
The latter is important because the lack of a common understand-
ing of the ways in which the diverse elements of the field fit together
is one of the major stumbling blocks in building coherent responses to
threats. Consequently, the synthesis of the details of the cybersecurity
process into a single unified understanding is an invaluable asset for
cybersecurity educators.

Defining the Elements of the Field of Cybersecurity: What is CSEC2017?

The CSEC2017 Joint Task Force on Cybersecurity Education (JTF)

originated in September 2015 (CSEC-JTF, 2017). The CSEC2017
mission was twofold, “To initiate the processes for (1) developing under-
graduate curricular guidance and (2) establish a case for the accredi-
tation of educational programs in the cyber sciences.” (CSEC, 2017,
p. 10). The recommendations in the report represent fully sanctioned,
all-inclusive guidelines about the content and structure of a cyber-
security curriculum. It must be understood that these recommenda-
tions are a single conceptual framework for the field. The CSEC2017
document does NOT specify a single monolithic approach, nor is it
prescriptive. Instead, the CSEC2017 body of knowledge is meant to
be used either completely or in part to develop relevant courses and to
modify a broad range of existing programs or course concentrations
(CSEC, 2017).
The CSEC2017 delineates the boundaries of the discipline and
outlines key dimensions of the curricular structure of the study of
cybersecurity. Its aim is, “To develop curricular guidance that is
comprehensive enough to support a wide range of program types
and to develop curricular guidance that is grounded in fundamental
Another random document with
no related content on Scribd:
like articles of Porto Rican manufacture: Provided, That on
and after the date when this Act shall take effect, all
merchandise and articles, except coffee, not dutiable under
the tariff laws of the United States, and all merchandise and
articles entered in Porto Rico free of duty under' orders
heretofore made by the Secretary of War, shall be admitted
into the several ports thereof, when imported from the United
States, free of duty, all laws or parts of laws to the
contrary notwithstanding; and whenever the legislative
assembly of Porto Rico shall have enacted and put into
operation a system of local taxation to meet the necessities
of the government of Porto Rico, by this Act established, and
shall by resolution duly passed so notify the President, he
shall make proclamation thereof, and thereupon all tariff
duties on merchandise and articles going into Porto Rico from
the United States or coming into the United States from Porto
Rico shall cease, and from and after such date all such
merchandise and articles shall be entered at the several ports
of entry free of duty; and in no event shall any duties be
collected after the first day of March, nineteen hundred and
two, on merchandise and articles going into Porto Rico from
the United States or coming into the United States from Porto
Rico.

"SECTION 4.
That the duties and taxes collected in Porto Rico in pursuance
of this Act, less the cost of collecting the same, and the
gross amount of all collections of duties and taxes in the
United States upon articles of merchandise coming from Porto
Rico, shall not be covered into the general fund of the
Treasury, but shall be held as a separate fund, and shall be
placed at the disposal of the President to be used for the
government and benefit of Porto Rico until the government of
Porto Rico herein provided for shall have been organized, when
all moneys theretofore collected under the provisions hereof,
then unexpended, shall be transferred to the local treasury of
Porto Rico, and the Secretary of the Treasury shall designate
 the several ports and sub-ports of entry in Porto Rico, and
shall make such rules and regulations and appoint such agents
as may be necessary to collect the duties and taxes authorized
to be levied, collected, and paid in Porto Rico by the
provisions of this Act, and he shall fix the compensation and
provide for the payment thereof of all such officers, agents,
and assistants as he may find it necessary to employ to carry
out the provisions hereof: Provided, however, That as soon as
a civil government for Porto Rico shall have been organized in
accordance with the provisions of this Act and notice thereof
shall have been given to the President he shall make
proclamation thereof, and thereafter all collections of duties
and taxes in Porto Rico under the provisions of this Act shall
be paid into the treasury of Porto Rico, to be expended as
required by law for the government and benefit thereof instead
of being paid into the Treasury of the United States."

PORTO RICO: A. D. 1900 (April).

Act to provide temporarily for the civil government
of the Island.

The fundamental provisions of the act of the Congress of the

United States to provide temporarily for the civil government
of Porto Rico, which the President approved April 12, 1900,
are the following:

"SECTION 6.
That the capital of Porto Rico shall be at the city of San
Juan and the seat of government shall be maintained there.

"SECTION 7.
That all inhabitants continuing to reside therein who were
Spanish subjects on the eleventh day of April, eighteen
hundred and ninety-nine, and then resided in Porto Rico, and
their children born subsequent thereto, shall be deemed and
held to be citizens of Porto Rico, and as such entitled to the
protection of the United States, except such as shall have
 elected to preserve their allegiance to the Crown of Spain on
or before the eleventh day of April, nineteen hundred, in
accordance with the provisions of the treaty of peace between
the United States and Spain entered into on the eleventh day
of April, eighteen hundred and ninety-nine; and they, together
with such citizens of the United States as may reside in Porto
Rico, shall constitute a body politic under the name of The
People of Porto Rico, with governmental powers as hereinafter
conferred, and with power to sue and be sued as such.

{416}

"SECTION 8.
That the laws and ordinances of Porto Rico now in force shall
continue in full force and effect, except as altered, amended,
or modified hereinafter, or as altered or modified by military
orders and decrees in force when this Act shall take effect,
and so far as the same are not inconsistent or in conflict
with the statutory laws of the United States not locally
inapplicable, or the provisions hereof, until altered,
amended, or repealed by the legislative authority hereinafter
provided for Porto Rico or by Act of Congress of the United
States: Provided, That so much of the law which was in force
at the time of cession, April eleventh, eighteen hundred and
ninety-nine, forbidding the marriage of priests, ministers, or
followers of any faith because of vows they may have taken,
being paragraph four, article eighty-three, chapter three,
civil code, and which was continued by the order of the
secretary of justice of Porto Rico, dated March seventeenth,
eighteen hundred and ninety-nine, and promulgated by
Major-General Guy V. Henry, United States Volunteers, is
hereby repealed and annulled, and all persons lawfully married
in Porto Rico shall have all the rights and remedies conferred
by law upon parties to either civil or religious marriages:
And provided further, That paragraph one, article one hundred
and five, section four, divorce, civil code, and paragraph
two, section nineteen, of the order of the minister of justice
of Porto Rico, dated March seventeenth, eighteen hundred and
ninety-nine, and promulgated by Major-General Guy V. Henry,
United States Volunteers, be, and the same hereby are, so
amended as to read: 'Adultery on the part of either the
husband or the wife.' …

"SECTION 14.
That the statutory laws of the United States not locally
inapplicable, except as hereinbefore or hereinafter otherwise
provided, shall have the same force and effect in Porto Rico
as in the United States, except the internal-revenue laws,
which, in view of the provisions of section three, shall not
have force and effect in Porto Rico.

"SECTION 15.
That the legislative authority hereinafter provided shall have
power by due enactment to amend, alter, modify, or repeal any
law or ordinance, civil or criminal, continued in force by
this Act, as it may from time to time see fit.

"SECTION 16.
That all judicial process shall run in the name of 'United
States of America, ss: the President of the United States,'
and all criminal or penal prosecutions in the local courts
shall be conducted in the name and by the authority of 'The
People of Porto Rico'; and all officials authorized by this
Act shall before entering upon the duties of their respective
offices take an oath to support the Constitution of the United
States and the laws of Porto Rico.

"SECTION 17.
That the official title of the chief executive officer shall
be 'The Governor of Porto Rico.' He shall be appointed by the
President, by and with the advice and consent of the Senate;
he shall hold his office for a term of four years and until
his successor is chosen and qualified unless sooner removed by
the President; he shall reside in Porto Rico during his
official incumbency, and shall maintain his office at the seat
of government; he may grant pardons and reprieves, and remit
fines and forfeitures for offenses against the laws of Porto
Rico, and respites for offenses against the laws of the United
States, until the decision of the President can be
ascertained; he shall commission all officers that he may be
authorized to appoint, and may veto any legislation enacted,
as hereinafter provided; he shall be the commander in chief of
the militia, and shall at all times faithfully execute the
laws, and he shall in that behalf have all the powers of
governors of the Territories of the United States that are not
locally inapplicable; and he shall annually, and at such other
times as he may be required, make official report of the
transactions of the government in Porto Rico, through the
Secretary of State, to the President of the United States:
Provided, That the President may, in his discretion, delegate
and assign to him such executive duties and functions as may
in pursuance with law be so delegated and assigned.

"SECTION 18.
That there shall be appointed by the President, by and with
the advice and consent of the Senate, for the period of four
years, unless sooner removed by the President, a secretary, an
attorney-general, a treasurer, an auditor, a commissioner of
the interior, and a commissioner of education, each of whom
shall reside in Porto Rico during his official incumbency and
have the powers and duties hereinafter provided for them,
respectively, and who, together with five other persons of
good repute, to be also appointed by the President for a like
term of four years, by and with the advice and consent of the
Senate, shall constitute an executive council, at least five
of whom shall be native inhabitants of Porto Rico, and, in
addition to the legislative duties hereinafter imposed upon
them as a body, shall exercise such powers and perform such
duties as are hereinafter provided for them, respectively, and
who shall have power to employ all necessary deputies and
assistants for the proper discharge of their duties as such
 officials and as such executive council. …

"SECTION 27.
That all local legislative powers hereby granted shall be
vested in a legislative assembly which shall consist of two
houses; one the executive council, as hereinbefore
constituted, and the other a house of delegates, to consist of
thirty-five members elected biennially by the qualified voters
as hereinafter provided; and the two houses thus constituted
shall be designated 'The legislative assembly of Porto Rico.'

"SECTION 28.
That for the purposes of such elections Porto Rico shall be
divided by the executive council into seven districts,
composed of contiguous territory and as nearly equal as may be
in population, and each district shall be entitled to five
members of the house of delegates.

SECTION 29.
That the first election for delegates shall be held on such
date and under such regulations as to ballots and voting as
the executive council may prescribe. … At such elections all
citizens of Porto Rico shall be allowed to vote who have been
bona fide residents for one year and who possess the other
qualifications of voters under the laws and military orders in
force on the first day of March, 1900, subject to such
modifications and additional qualifications and such
regulations and restrictions as to registration as may be
prescribed by the executive council. …

{417}

"SECTION 32.
That the legislative authority herein provided shall extend to
all matters of a legislative character not locally inapplicable,
including power to create, consolidate, and reorganize the
municipalities, so far as may be necessary, and to provide and
repeal laws and ordinances therefor; and also the power to
alter, amend, modify, and repeal any and all laws and
ordinances of every character now in force in Porto Rico, or
any municipality or district thereof, not inconsistent with
the provisions hereof: Provided, however, That all grants of
franchises, rights, and privileges or concessions of a public
or quasi-public nature shall be made by the executive council,
with the approval of the governor, and all franchises granted
in Porto Rico shall be reported to Congress, which hereby
reserves the power to annul or modify the same.

"SECTION 33.
That the judicial power shall be vested in the courts and
tribunals of Porto Rico as already established and now in
operation, including municipal courts. …

"SECTION 34.
That Porto Rico shall constitute a judicial district to be
called 'the district of Porto Rico.' The President, by and
with the advice and consent of the Senate, shall appoint a
district judge, a district attorney, and a marshal for said
district, each for a term of four years, unless sooner removed
by the President. The district court for said district shall
be called the district court of the United States for Porto
Rico.

"SECTION 35.
That writs of error and appeals from the final decisions of
the supreme court of Porto Rico and the district court of the
United States shall be allowed and may be taken to the Supreme
Court of the United States in the same manner and under the
same regulations and in the same cases as from the supreme
courts of the Territories of the United States. …

"SECTION 39.
That the qualified voters of Porto Rico shall, on the first
Tuesday after the first Monday of November, anno Domini
 nineteen hundred, and every two years thereafter, choose a
resident commissioner to the United States, who shall be
entitled to official recognition as such by all Departments,
upon presentation to the Department of State of a certificate
of election of the governor of Porto Rico, and who shall be
entitled to a salary, payable monthly by the United States, at
the rate of five thousand dollars per annum: Provided, That no
person shall be eligible to such election who is not a bona
fide citizen of Porto Rico, who is not thirty years of age,
and who does not read and write the English language.

"SECTION 40.
That a commission, to consist of three members, at least one
of whom shall be a native citizen of Porto Rico, shall be
appointed by the President, by and with the advice and consent
of the Senate, to compile and revise the laws of Porto Rico; also
the various codes of procedure and systems of municipal
government now in force, and to frame and report such
legislation as may be necessary to make a simple, harmonious,
and economical government, establish justice and secure its
prompt and efficient administration, inaugurate a general
system of education and public instruction, provide buildings
and funds therefor, equalize and simplify taxation and all the
methods of raising revenue, and make all other provisions that
may be necessary to secure and extend the benefits of a
republican form of government to all the inhabitants of Porto
Rico."

PORTO RICO: A. D. 1900 (May).

Organization of civil government.
Appointment of Governor Allen.

Under the Act to establish civil government in Porto Rico,

Honorable. Charles H. Allen, formerly a representative in
Congress from Massachusetts, and lately Assistant-Secretary of
the Navy, was appointed to the governorship of the island. Mr.
J. H. Hollander, of Maryland, was appointed Treasurer, and Mr.
 John R. Garrison, of the District of Columbia, Auditor.
Governor Allen was inducted into office with considerable
ceremony, at San Juan, on the 1st of May.

PORTO RICO: A. D. 1900 (August-October).

First steps in the creation of a public school system.

"The report of M. G. Brumbaugh, commissioner of education, on

education in Porto Rico, dated October 15, 1900, shows what
has been accomplished in the short time that elapsed after the
commissioner entered upon his duties on August 4, 1900. … The
people want schools … and the pupils will attend them. In
1899, 616 schools were opened in Porto Rico. In 1900 the
department will maintain at least 800 schools, an increase of
30 per cent, which will provide for nearly 9,000 additional
pupils.

"In 1899 there were 67 Americans in the teaching force of the

island. Since October 1, 1900, the number has increased to
100. The commissioner criticises one class of teachers who are
'seekers after novelty and new experiences, who imposed upon the
administration and the children, and who used the salary and
position of teacher solely to see a new country for a year and
then return. … The people of Porto Rico have patiently borne
with these adventurers, and quietly longed for their
departure.' This class of teachers is now gone and the newly
selected American teachers have some knowledge of Spanish and
are graduates of universities, colleges, and normal schools in
the States, and are for the most part young men and women of
ability and discretion. The salaries of American teachers were
fixed by law at $40 per month for nine months in cities of
less than 5,000 population. In cities of larger population the
salary was $50 per month for nine months and both are
inadequate, although at the time the salaries were fixed the
War Department provided free transportation from and to the
United States. This transportation may now be withdrawn at any
time, and the small inducement held out by the meager salary
 offered to teachers is not calculated to invite the best class
of them to the island.

"The new normal and industrial school at Fajardo, which was to

have been established by the joint efforts of the local
municipality and the American Government, was only so far
advanced that the land had been purchased by the end of
September, 1900. The normal department was opened October 1,
in a rented building, while the industrial department cannot
be opened until suitable quarters are provided. The
commissioner recommends that the United States make this place
the site of an agricultural experiment station for which it is
pre-eminently fitted. On account of the industries of the
country—coffee, sugar, tobacco, and fruit—agriculture could be
well studied here, and free boarding, lodging, and tuition would
be given the students, who would be for the most part poor
boys and girls.

"As to the school accommodation, the commissioner states that

there are no public school buildings in Porto Rico. The
schools are conducted in rented houses or rooms which are
often unfit for the purpose, and the hygienic conditions are
bad. There is a wide field, or rather a demand, for
improvement in this direction, as well as in the school
equipment and material.

{418}

In 1899, $33,000 was expended for school-books, and in 1900,

$20,000 will be expended for books and supplies, which shall
be free. In the United States 'free books' means usually their
purchase by local boards and free use by the pupils. In Porto
Rico the books and supplies will be free to the pupils without
expense to the local boards. A pedagogical museum and library
has been established for the benefit of teachers and others.
About 300 volumes have been contributed to the library from
friends in the States, and the Department will make the number
 up to 500 by purchase. A library of 5,000 volumes of standard
Spanish and American literature was found in a building in San
Juan, which has been installed in suitable rooms as a public
library.

"Many of the leading institutions of the United States have

responded cordially to the application of the Department of
Education on behalf of young Porto Ricans who wish to
prosecute their studies in colleges and universities. Some
have offered free tuition, some have added free lodging, while
others have offered even free living to all such students as
wish to avail themselves of their instruction. Many young
Porto Ricans have availed themselves of these generous offers.

"There are now 800 schools in Porto Rico, and 38,000 pupils
attending them, while there are 300,000 children of school age
for whom there are no accommodations. But the commissioner
expresses the hope that gradually the great illiteracy in
Porto Rico will be reduced, and the people prepared for the
duties of citizenship in a democracy by means of the schools
that shall be established. … The total expenditure for
education in Porto Rico from the 1st of May to the end of
September was $91,057.32."

United States, Secretary of the Interior,

Annual Report, November 28, 1900, page 116.

PORTO RICO: A. D. 1900 (November-December).

The first election under U. S. law.
Meeting of the Legislative Assembly.

The first election in the Island under the provisions of the

Act recited above occurred on the 6th of November
simultaneously with the elections in the United States. It
seems to have been almost entirely a one-sided vote. "About
two weeks before election day," says a despatch from San Juan,
November 7, "the Federal Party, which carried the island at
the election of less than a year ago by a majority of 6,500
votes, suddenly withdrew from the electoral contest. The
Federal leaders sent instruction to their followers not to
appear at the polls, but the Federal Election Judges were
instructed to appear and watch the proceedings until the
elections were concluded in order to gather evidence of any
unfairness in the registration and any irregularity in the
voting. The Federal Party intends to institute court
proceedings after the election in the hope of nullifying it,
claiming that gross irregularities in the registration and
voting will be shown, and alleging that the districting was
not done according to law." Only about 200 Federals voted, it
is stated, while some 60,000 votes were cast for the
candidates of the Republicans. Governor Allen cabled the
following announcement of the election to President McKinley:
"I am gratified and delighted. The outcome in Porto Rico is a
guarantee of the island's future. To bring people who had long
been under different rules and conditions to their first
general election, to have the election pass off as quietly and
orderly as in any State of the North conducted by the people
without let or hindrance, and without a soldier or armed force
of any sort, and to have nearly 60.000 men march to the polls
to deposit their first ballot for self-government in such a
manner, are good reasons for congratulation, not only to the
people of the island, but to the painstaking members of the
Administration, who had worked diligently and patiently to
this end. This overwhelming Republican victory also means
legislation for the good of the island in line with the
American Administration. It means stable government and the
protection of property interests, with which prospective
investors in Porto Rico are deeply concerned. It means
education, public works, and all the beneficent works which
follow legislation wisely and conscientiously undertaken. It
is an emphatic declaration of unqualified loyalty to the
United States."

The newly elected Legislative Assembly met and the House of

Delegates was organized December 3. A correspondent of the
"New York Tribune," writing a week later, said: "Already
nineteen bills have been introduced. To introduce nineteen
bills in six days after organizing, as well as forming the
regular committees, is not bad work when it is considered that
not one of the members had the slightest idea of parliamentary
procedure. During the session one of the members may be seen
making frequent trips to the Executive Mansion, where he
confers with Secretary Hunt in regard to some doubtful point.
It is said by some that in a short time the lower house will
be controlled entirely by the portfolio members of the
Council. It is known that the five Porto Rican members of the
Council, when considering the question of franchises, etc.,
often vote contrary to their own ideas in order that the
Council may continue harmonious. But it is not likely that the
heads of departments will be able to control the thirty-five
members of the House. The House, although regularly elected,
is not representative of the island; the Federals refraining
from voting kept over half the natives from the polls. The
Federal party, it is asserted, is made up of the richest and
best element of Porto Rico. The Republicans, though in power,
do not feel that they are able to run things alone, so the
majority is willing to be dictated to by the Council.
Nevertheless there is a certain element in the House which
will not be dictated to. So soon as any really important bill
comes up for debate it is predicted that the House will divide
against itself. And a little later, when the House passes some
pet bill and the Council rejects it, the House will probably
resign in a body. It is a natural trait of the people.'

After another fortnight had passed, the same correspondent

wrote very discouragingly of the disposition shown by a
majority of the members of the House of Delegates, and their
conduct of business, and stated: "The popular opinion among
the Americans, even among some of the higher officials, is
that if the House continues as it is Congress will abolish it
altogether, and govern the island through a Governor and
 Cabinet. Such irregular procedure has been followed that it is
a question here whether any business has been legally done."

{419}

PORTO RICO: A. D. 1901 (January),

Close of the first session of the Legislative Assembly.

The first session of the first Legislative Assembly of the

island came to a close on the 31st of January, 1901, and the
following remarks on its work were made in a newspaper
despatch of that date from San Juan: "Over one hundred bills
have been introduced in the House of Delegates, and dozens
have been passed by both houses, and are awaiting the
Governor's approval. … Committees have a hard day's work if
they get together and agree to pass the bills on hand before
midnight to-night. Ever since the House of Delegates resumed
business after the new year, eight or nine members have been
continually absent. There are only thirty-five members
altogether, and the island is small, yet twenty-six has been
the average attendance. A full attendance for even one day is
not recorded. It was predicted that a number of the members
would resign; they did not. They simply remained away, like
truant schoolboys. A bill has been passed providing for the
education of certain young Porto Rican men and women in the
United States, about two hundred of them having petitioned the
House of Delegates to be sent north at the island's expense.
It is not known on what ground these petitions have been made.
The island expends about $400,000 yearly on education, and
excellent educational facilities are offered. But the people,
in a way, seem to discredit the value of the opportunities at
hand."

PORTO RICO: A. D. 1901 (April).

Distress of the workingmen of the Island.
Their appeal to the President of the United States.
 The following petition, signed by 6,000 of the workingmen of
Porto Rico, was brought to the United States by a delegate
from the Federation of Labor in Porto Rico and presented to
President McKinley on the 15th of April:

"The undersigned, workers of Porto Rico, without distinction

of color, political or religious creed, have the honor to
bring to your attention the following facts: Misery, with all
its horrible consequences, is spreading in our homes with
wonderful rapidity. It has already reached such an extreme
that many workers are starving to death while others, that
have not the courage to see their mothers, wives, sisters and
children perish of hunger, commit suicide by drowning
themselves in the rivers or hanging themselves from branches
of trees. All this, honorable sir, is due to the scarcity of
work, which keeps us in enforced idleness, the mother of our
misery. Our beautiful estates are idle; our lands are not
being cultivated; our shops remain closed; and our Chambers do
absolutely nothing to prevent our misery on this once so rich
an island. The Government and municipality do not undertake
any public works to keep us out of idleness. The emigration of
workers, unknown in this island before, increases day by day,
in proportion as misery increases. Under these trying
conditions we are no longer a happy and contented people. We
therefore, beg of you, honorable sir, to interest yourself in
our cause, leading us, as the father of our country, in the
path that will bring us work, and with it the means of
subsistence. We want work; nothing but work. We want to earn
the means of subsistence by the sweat of our brows; and nobody
better than our Chief Magistrate can help us by lending ear to
our appeals. "

----------PORTO RICO: End--------

PORTUGAL: A. D. 1891-1900.
Delagoa Bay Arbitration.
 See (in this volume)
DELAGOA BAY ARBITRATION.

PORTUGAL: A. D. 1898.
Alleged Treaty with Great Britain.

There is said to be knowledge in diplomatic circles of a

treaty between Great Britain and Portugal, concluded in 1898,
which has never been made public, but which is understood to
engage the former to assist the latter financially and to
protect the kingdom as against dangers both external and
internal. In return it is believed that England received the
right to embark and disembark troops, stores and ammunitions
at any point on Portuguese territory in Africa, to keep them
there, or to convey them across Portuguese territory to any
point she might see fit, irrespective as to whether she was at
war with any third Power. Circumstances have given some
support to this rumor, but it has no positive confirmation.

PORTUGAL: A. D. 1899.
Reciprocity Treaty with the United States.

See (in this volume)

UNITED STATES OF AMERICA: A. D. 1899-1901.

PORTUGAL: A. D. 1899 (May-July).

Representation in the Peace Conference at The Hague.

See (in this volume)

PEACE CONFERENCE.

PORTUGUESE EAST AFRICA: A. D. 1895-1896.

War with Gungunhana.

See (in this volume)

AFRICA: A. D. 1895-1896 (PORTUGUESE EAST AFRICA).
POSTAGE, British Imperial Penny.

See (in this volume)

ENGLAND: A. D. 1898 (DECEMBER).

POWERS, Concert of the.

See (in this volume)

CONCERT OF EUROPE.

POWERS, The four great.

See (in this volume)

NINETEENTH CENTURY: EXPANSION.

PRATT, Consul:
Interviews with Aguinaldo at Singapore.

See (in this volume)

UNITED STATES OF AMERICA:
A. D. 1898 (APRIL-MAY: PHILIPPINES).

"PREDOMINANT MEMBER," Remarks of Lord Rosebery on the.

See (in this volume)

ENGLAND: A. D. 1894-1895.

PREHISTORIC DISCOVERIES.

See (in this volume)

ARCHÆOLOGICAL RESEARCH.

PREMPEH, Overthrow of King.

See (in this volume)

ASHANTI.
PRESBYTERIAN CHURCHES: Union in Scotland.

See (in this volume)

SCOTLAND: A. D. 1900.

PRESS, The:
Relaxation of restrictions in Poland.

See (in this volume)

RUSSIA: A. D. 1897.

PRESS, The:
Prosecutions in Germany.

See (in this volume)

GERMANY: A. D. 1900 (OCTOBER 9).

PRETORIA: A. D. 1894.
Demonstration of British residents.

See (in this volume)

SOUTH AFRICA (THE TRANSVAAL): A. D. 1894.

PRETORIA: A. D. 1900.
Taken by the British forces.

See (in this volume)

SOUTH AFRICA (THE FIELD OF WAR):
A. D. 1900 (MAY-JUNE).

PRIMARY ELECTION LAW.

See (in this volume)

NEW YORK STATE: A. D. 1898.

PRINCE EDWARD'S ISLAND.

 See (in this volume)
CANADA.

{420}

PRINCETON UNIVERSITY:
Celebration of 250th anniversary.
Assumption of new name.

See (in this volume)

EDUCATION (UNITED STATES): A. D. 1896.

PRINSLOO, Commandant: Surrender.

See (in this volume)

SOUTH AFRICA (THE FIELD OF WAR):
A. D. 1900 (JUNE-DECEMBER).

PROCTOR, Senator Redfield:

Account of the condition of the Cuban Reconcentrados.

See (in this volume)

CUBA: A. D. 1897-1898 (DECEMBER-MARCH).

PROGRESSISTS,
PROGRESSIVES.

See (in this volume)

AUSTRIA-HUNGARY: A. D. 1897;
JAPAN: A. D. 1890-1898, and after;
SOUTH AFRICA (CAPE COLONY): A. D. 1898,
and 1898 (MARCH-OCTOBER).

PROHIBITION PARTY, The.

See (in this volume)

UNITED STATES OF AMERICA:
 A. D. 1896 (JUNE-NOVEMBER);
and 1900 (MAY-NOVEMBER).

PROHIBITION PLEBISCITE, Canadian.

See (in this volume)

CANADA: A. D. 1898 (SEPTEMBER).

PROTECTIVE TARIFFS.

See (in this volume)

TARIFF LEGISLATION.

PROTOCOL, for suspension of Spanish-American War.

See (in this volume)

UNITED STATES OF AMERICA:
A. D. 1898 (JULY-DECEMBER).

PRUSSIA: Census, 1895.

See (in this volume)

GERMANY: A. D. 1895 (JUNE-DECEMBER).

PRUSSIA: A. D. 1899-1901.
Canal projects.

See (in this volume)

GERMANY: A. D. 1899 (AUGUST); and 1901 (JANUARY).

PRUSSIA: A. D. 1901.
Bicentenary celebration.

The bicentenary of the coronation of the first King of Prussia

was celebrated with much ceremony and festivity on the 18th of
January, 1901.