CIS 608 - Information Security Management

Friday, December 9, 2011

Post 069 - CIS 608




The M.S. in Cybersecurity at Bellevue University

I started this program on Monday, August 29, 2011. The links below will take you to the course blog that has been set up for each course in this program:

=========================================================

CIS 608 - Information Security Management
CYBR 515 - Security Architecture and Design
CYBR 510 - Physical, Operations, and Personnel Security
CIS 537 - Introduction to Cyber Ethics
CIS 607 - Computer Forensics
CYBR 520 - Human Aspects of Cybersecurity
CYBR 610 - Risk Management Studies
CYBR 615 - Cybersecurity Governance and Compliance
CYBR 625 - Business Continuity Planning and Recovery
DET 630 - Cyber Warfare & Deterrence
CYBR 525 - Ethical Hacking and Response
CYBR 650 - Current Trends in Cybersecurity


=========================================================

If you are interested in me and my career, here are some additional links:

Resume
Career
Certifications
Credentials
ISO 27001
M.S.
MBA
Bio
Writing
Thoughts
Secrets
Chicago
Love Story

====================================

William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
slater@billslater.com
Chicago, IL

Sunday, November 20, 2011

Post 068 - CIS 608






The Fat Lady Has Sung, So This Blog Has Completed - Thanks for Reading!

It's over. The Fat Lady Has Sung, So This Blog has now completed. Thanks for reading, Folks!

Do you want to hear the Fat Lady sing? Click here! (Turn it up!)

=================================

William Favre Slater, III, PMP

MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
Group 2
CIS 608 Blog: http://cis608.blogspot.com
http://billslater.com/career
Chicago, IL

Post 067 - CIS 608







Analyzing and Summarizing this CIS 608 - Information Security Management Blog

Assignment 12.4 (Post to your Blog and to the Week 12 Forum)

This assignment is worth 50 points.

Time to finish up your blog. This last assignment should be a retrospective look at your postings over the last 11 weeks. Time for a little analysis. Write up an entry that provides a summary of what you chose to write about.

First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?

Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?

As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.

To get credit for this assignment, the URL must be posted in this assignment.

============================== Answers ============================

Part 1 - First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?

(See chart above)

Summary Topic with Count
CIS 608 - Week Assignment - Blog = 2
CIS 608 - Week Assignments = 13
Cloud Computing, Security and Certifications = 1
Current Event in Information Security - Computer Crime = 9
Current Events in Information Security - International Cyberwar Threats = 10
Cybersecurity Policies = 1
Discussion about Secret Message Communications from World War II = 1
Domain Names related to Information Security = 1
Electronic Health Records - The Need for Security and Privacy = 1
Framework for Information Security Management = 1
Freedom of Information Act (FOIA) Resources and Information Security = 1
How the USA PATRIOT ACT Affects The Bill of Rights = 1
Incident Response Plans = 2
Information Asset Classification = 1
Information Security and Information Security Tools = 1
Information Security Awareness Training = 3
Internet History and Growth = 1
IT Professional Certifications, Value and Relevance = 3
Leadership as a Component of Information Security = 2
News about an Information Security Blog = 1
Resources for Information Security Topics = 5
Return on Security Investment (RoSI) = 3
Security Architecture and Design - CYBR 515 Assignment = 3

----------------------------------------------------------------------
Part 2 - Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?

No. Different sources each week.

Yes - a variety of sources. See summary below and above.

CIS 608 Assignment = 6
CIS 608 Material = 12
Course Text = 1
Current Event = 1
CYBR 515 Assignment = 1
CIS 608 Material = 3
Electronic Text Reference = 7
Industry Reference on Web = 1
Information Security Blog = 1
Information Website = 4
Self = 4
Various Texts = 1
Various Web URLS = 8
Web Article = 14
Website for Tool = 2
White Paper = 2

----------------------------------------------------------------------
Part 3 - As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.

As a certified Information Security professional who is also a graduate student, I found this blog exercise very useful because it forced me to regularly look for Information Security topics to analyze and blog about as part of this course requirement. I completed and analyzed 66 blog entries and learned a lot while doing it. It will remain here on the web as a snapshot of the Information Security landscape here at the end of 2011.

Besides the amazing things I learned and wrote about, I learned that I probably blogged too much. It took me about 10 to 12 hours to do this last assignment where I had to analyze and summarize my blog. With my busy schedule, that is just too much time.

Parting comments: I hope we will all be getting smarter about how we do things in cyberspace, because the consequences of slipping up and letting our guard down become more severe each day as more and more of our lives are enveloped by the world of the web and cyberspace.

Thank you for reading this blog (URL - http://cis608.blogspot.com).

================================

Bill

William Favre Slater, III, PMP
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
Group 2
CIS 608 Blog: http://cis608.blogspot.com
http://billslater.com/career
Chicago, IL

Post 066 - CIS 608




"Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says"


This is an alarming news story and points out the vulnerability of infrastructure points in the U.S. It hits very close to home also because I think these hackers probably attacked the Jardine Water Treatment Plant (information here) that is operated by the City of Chicago. This plant pumps over one billion gallons of water out of Lake Michigan every day, and I am one of nearly 8 million people who use this water from the Jardine Water Treatment Plant daily to cook, shower, etc.

Sadly, people have been aware of such vulnerabilities for some time and such attacks have been predicted as far back as 10 to 15 years ago.

Let's hope our city and national authorities are paying attention to this news and that they will act before it is too late.

===========================

William Favre Slater, III, PMP

MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
Group 2
wfslater@bellevue.edu
CIS 608 Blog: http://cis608.blogspot.com
http://billslater.com/career
Chicago, IL


Friday, November 18, 2011

Post 065 - CIS 608


EDF used Trojans to spy on Greenpeace


EDF is a giant French energy company. The head of nuclear energy at EDF was fined 1.5 million euros for commissioning Kargus Consultants to use Trojans to attack the computer of Greenpeace's Yannick Jadot in 2006, stealing 1,400 documents relating to the organisation’s campaign against nuclear power. Jadot was then head of campaigns in France.

This judicial ruling was extremely important because it was the largest of its kind that was ever awarded.

From the article:

"The court in Nanterre handed EDF’s former security head, Pascal Durieux, a three-year jail sentence with one suspended, while his deputy Pierre-Paul François was given three years with 30 months suspended.

"The head of Kargus, Thierry Lorho, was given three years in jail with two suspended and a 4,000 euro fine while his technical expert and former secret service man, Alain Quiros, was given two years suspended."

"The evidence presented at the trial showed that the espionage undertaken by EDF in its efforts to discredit Greenpeace was both extensive and totally illegal. The company should now give a full account of the spying operation it mounted against its critics," said Greenpeace UK executive director, John Sauven.

What was especially astounding was that Pascal Durieux was a retired rear admiral from the French Navy and Pierre-Paul François had worked as a policeman.




Thursday, November 17, 2011

Post 064 - CIS 608


Week Twelve Assignments- Maps to Course Obj. 6

Read/Review:

Chapter 12, Management of Information Security, 3e.

Powerpoint Slides, Chapter 12, located in Course Documents, Lecture Notes

Learning Objectives - Week 12

Differentiate between law and ethics
Understand the role of culture as it applies to ethics in information security
Access current information on laws, regulations, and relevant professional organizations
Assignment 12.1
This assignment is worth 50 points.
Complete the peer evaluation form (top of page - PeerEval.xls) for your group members and post it to the assignment link.


Assignment 12.2
This assignment is worth 50 points.
Provide background on the Communications Decency Act. Why was it enacted? When? Who sponsored it? Now provide information on the organization which led the effort to have this overturned... again, why? when? who? What was the outcome? Include any opinions you may have on this.

Assignment 12.3 (post to the Week 12 Forum)
This assignment is worth 50 points; 25 points for your original posting, and 25 points for participation.
Using any resource at your disposal, find out what laws your state (or country) has passed to prosecute computer crime and provide a short description of them. Were you surprised at what you found? Disappointed in what you found?
Minimum Posting Requirements: You must post at least five messages to get credit for participation. The first message is your original posting, due no later than Wed. At least two of the other messages must be responses to other student original postings. This is a pass/fail type of grade. If you meet the minimum requirements you get the points. If you do not meet the minimum requirements, you'll get no points for participation. Messages must be posted on more than one day. Don't wait until the last minute!


Group Assignment-Week 12
This assignment is worth 50 points.
As a group, determine a best response to the Case Exercises for RWW, Inc. at the end of the chapter. Use your group forum area for discussion, located under the Groups button to the left...
Have one person in your group post the group consensus, labeled as "Week12 Post - Grade Me" to your group forum.

Assignment 12.4 (Post to your Blog and to the Week 12 Forum)
This assignment is worth 50 points.
Time to finish up your blog. This last assignment should be a retrospective look at your postings over the last 11 weeks. Time for a little analysis. Write up an entry that provides a summary of what you chose to write about.
First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?
Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?
As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.
To get credit for this assignment, the URL must be posted in this assignment.

Sunday, November 13, 2011

Post 063 - CIS 608





Unresolved Questions Dog International Cybersecurity Policies

Unresolved questions dog international cybersecurity policies: This short article, published on the web on November 9, 2011, highlights the difficult legal complexities of a world that is waking up to the idea that we are now a globalized society that is very connected via the Internet. The concerns stem from the fact that internationally directed data breaches are occurring and from an increasing awareness that cyberspace (connected via the Internet) will be the new landscape of international confrontation, up to and including battles and wars fought in cyberspace. The dangerous realities we are now facing in cyberspace are something that only existed in the minds of famous cyberpunk science fiction writers such as William Gibson (who actually coined the term "cyberspace"), Bruce Sterling, and Neal Stephenson back in the early to mid-1990s.

Now we all are playing catch up, realizing that it is absolutely essential to have laws and international cooperation between the nation state stakeholders of cyberspace. Welcome to the brave new world in which our leaders are now having to understand and legislate cyberspace on a level that makes it safer for business and personal interactions.

Nevertheless, the answers to all these difficult issues may be right here.

======================

William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27002, MCP #3585
Project Manager / Program Manager
Chicago, IL
slater@billslater.com
http://billslater.com/career

Thursday, November 10, 2011

Post 062 - CIS 608



U.S. Charges 7 in Alleged Internet Ad Fraud Scam

November 9, 2011

For the first time, I believe, U.S. authorities Wednesday charged seven people living in Estonia and Russia with using malicious software to hijack millions of computers worldwide to redirect Internet searches toward online ads.
Starting in 2007, the suspects created fake companies that contracted with legitimate advertiser websites to drive Internet traffic toward their Internet pages, according to a Manhattan federal court indictment.

About 4 million computers in 100 countries including the United States were infected with malicious software designed by the defendants that would redirect an Internet user's browser toward the online advertisements, the indictment said. The defendants were paid about $14 million by advertisers based on the amount of "clicks" the ad pages would receive, it said.



Note - these people could have installed spyware on your computer. Maybe you should ensure that your security software protects against such malware.


William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, MCITP, MCSE, ISO 20000, ISO 27002, MCP #3585
Project Manager / Program Manager
Chicago, IL
slater@billslater.com
http://billslater.com/career

Wednesday, November 9, 2011

Post 061 - CIS 608



Week Eleven Assignments- Maps to Course Obj. 8
Read/Review:
Chapter 11, Management of Information Security, 3e.
Powerpoint Slides, Chapter 11, located in Course Documents, Lecture Notes
Learning Objectives - Week 11
Identify the skills, requirements, and certifications for information security positions
Understand and implement information security constraints on the general hiring process
Describe the security practices used to control employee behavior and prevent misuse of information

Assignment 11.1
This assignment is worth 50 points.
Using the information in this text and any other resources you identify, write a job description of Iris's new position, described in the Case Exercise at the end of the chapter. What qualifications and responsibilities should be associated with this position?

Assignment 11.2 (post to the Week 11 Forum)
This assignment is worth 50 points; 25 points for your original posting, and 25 points for participation.
List any certifications you currently hold, including type, date of creditation, etc. (If you don't currently hold any certifications, start from here). List any certifications you are planning on acquiring. Post your opinion on certifications in general. Was it worth the time and money to acquire your current certs? Would you recommend them to others? Which do you think has more credibility when looking at resumes, certifications or formal education or experience? If your answer depends upon the type of job, include that information.
Minimum Posting Requirements: You must post at least five messages to get credit for participation. The first message is your original posting, due no later than Wed. At least two of the other messages must be responses to other student original postings. This is a pass/fail type of grade. If you meet the minimum requirements you get the points. If you do not meet the minimum requirements, you'll get no points for participation. Messages must be posted on more than one day. Don't wait until the last minute!


Group Assignment-Week 11
This assignment is worth 50 points.
As a group, determine a best response to the Case Exercises for RWW, Inc. at the end of the chapter. Use your group forum area for discussion, located under the Groups button to the left...
Have one person in your group post the group consensus, labeled as "Week11 Post - Grade Me" to your group forum.

Assignment 11.3 (Post to your Blog)
This assignment is worth 20 points.
Time to start adding to that blog! If you are not sure what to include, you might want to re-read the assignment located at the top of the Week 1 Assignments.
To get credit for this assignment, the URL for the blog must be posted in this drop box.


Tuesday, November 8, 2011

Post 060 - CIS 608



Week 11 Discussion Question - IT Professional Certifications, Value and Relevance

Assignment 11.2 (post to the Week 11 Forum)

This assignment is worth 50 points; 25 points for your original posting, and 25 points for participation.


List any certifications you currently hold, including type, date of creditation, etc. (If you don't currently hold any certifications, start from here). List any certifications you are planning on acquiring. Post your opinion on certifications in general. Was it worth the time and money to acquire your current certs? Would you recommend them to others? Which do you think has more credibility when looking at resumes, certifications or formal education or experience? If your answer depends upon the type of job, include that information.


Professor Sparks, thanks for posting this question.

These are my responses.

--- > List any certifications you currently hold, including type, date of creditation, etc.

My certifications are listed at this link along with the name, abbreviation, certifying body, and the date I achieved them. http://billslater.com/certifications . By the way, I am proud to tell all of you that I am the most certified individual in the entire Midwest.

--- > List any certifications you are planning on acquiring.

These are certifications I plan to earn in the next 12 months:

- Data Center University by APC
- Oracle Certified Associate
- Certified Java Developer
- Cloud Computing Expert
    - This is the Cloud Computing Pathway program:
        - Cloud Computing Foundation
        - Cloud Computing Specialist - Virtualization
        - Cloud Computing Specialist - SaaS and Web Applications
        - Cloud Computing Specialist - PaaS and Storage Management
        - Cloud Computing Specialist - Services Management
        - Cloud Computing Specialist - Managing Services in the Cloud
        - Cloud Computing Expert - Master (when you pass the 6 above)

http://store.theartofservice.com/all-products/cloud-computing-pathway-comple-elearning-bundle.html

I am doing this because:

a) I am a dedicated and seasoned IT professional who sees Cloud Computing as the next disruptive paradigm shift

b) I used to manage a Cloud Data Center so I know what happens and how it works and looks from the inside

c) I am ITIL Foundation v2 and v3 certified and I know what that is about

d) I ran an enormous ITIL Services migration project not long ago

e) I enjoy learning new stuff and getting certified in it, especially when it seems to be the next BIG THING in IT.

--- > Post your opinion on certifications in general.

My opinion is expressed in a blog entry that I wrote on October 14, 2011, for my blog at IIT on this same topic:

In a Tough Economy, What Skills & Certifications Do You Really Need?

I get asked this question a lot. In fact, since this will be read by a lot of students and faculty, I will share some advice I gave someone about three weeks ago. This person, who actually has an M.S. in Information Technology, was proposing that IT certifications alone would suffice to help a person get the IT job of their dreams.

I am with one of the world’s best companies at the moment, and I am very happy with my job and the people I work with, so I am planning on staying here as long as possible.

But I laugh at the people that think they can move ahead in the IT field without a degree or multiple degrees in this field. They do not realize that despite what they sincerely believe about saving money and getting a few certifications, and skipping the formal education, they are doing themselves considerable career harm in the long run, because they cannot get back the years they wasted believing that poppycock. And actually, it’s good because it helps decrease the competition for guys like you and me. Also, they don’t realize that despite what they believe about being successful without formal education, they have peers and people younger than them who will get a clue and realize what it takes to succeed, and set their course and do it.

When I was a young U.S. Air Force officer, we asked a USAF Colonel about the secret of advancing your career in the U.S. Air Force. Here’s what he said:

“Look around and see what your peers are doing. If they are getting master’s degrees and going to Squadron Officers School, you better be doing the same.”

In Houston, I lived through a severe economic downturn. There was a story about a guy who had a B.S. in Geophysics who went into a Burger King to find work because he had been laid off and out of work for three months. When he met with the manager, he explained that since he had B.S. in Geophysics he was probably over qualified. The manager said this: “Not so fast Buddy, all our hamburger flippers and cashiers have master’s degrees and PhDs.”

If you are a normal person like you or me, you will try to understand the laws of Supply and Demand and the Market and the Economy, and then do what it takes to succeed. If that means hard work, certifications, education, etc., we will do it. But if you are like the guy that asked the question, and you have an “inside scoop”, you can just pick up a few easy certifications, the ones that DON’T REQUIRE CPE credits, and you may be good to go, and then you can save all that money that people spend on formal education.

However, my experience, knowledge, and time in the IT profession tell me that person that believes that certifications alone are sufficient may soon find out the hard way that he is totally wrong. The trouble is that there could be a lot of wasted time if and when he wakes up and realizes the truth.

Anyway, here’s something about education that all of you can print and put on your wall:

http://www.billslater.com/if_you_think_education_is_expensive.jpg

Finally, if you think that you are planning a career in Information Technology, where you can be the world’s greatest programmer, or world’s greatest database administrator, or the world’s greatest networking person, or the world’s greatest system administrator, or the world’s greatest security person, or the world’s greatest project manager, Good Luck! Here is a big surprise for you: A future employer may expect you to be all those things. Don’t believe me? Look what happened in the IT career field between 1997 and 2007.

http://www.authorstream.com/Presentation/billslater-158223-industry-2007-job-market-skills-business-finance-ppt-powerpoint/

Almost forgot, most of those same employers also expect you to be polished and have strong communication skills in writing, speaking, and LISTENING. (Yes - Listening is a form of communication also.)

Your response? That’s not fair!!!

My response: Life’s not fair. So, do you want to work or be unemployed and live off your parents? If the answer to that question is, “No,” then you need to study hard and stay busy learning.

So study hard. And stay thirsty for Knowledge and Skills my friends!

Best regards,

Bill

William F. Slater, III, M.S., MBA, PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, MCITP, MCSE, MCSD, CDCP

Chicago, IL

slater@billslater.com

http://billslater.com/career

=====================================

--- > Was it worth the time and money to acquire your current certs?

Yes. I never earned a certification that wasn’t worth it.

--- > Would you recommend them to others?

If people are willing to put in the time, effort and money, yes, I would recommend certifications.

--- > Which do you think has more credibility when looking at resumes, certifications or formal education or experience?

I have 71 certifications and two master’s degrees and am 17% of the way through with my third master’s degree, this time an M.S. in Cybersecurity (which is why I am here).

I believe that the solid IT professional will have certifications, formal education, and experience, and that they will also belong to and maintain membership in organizations that are related to their profession.

These are the organizations that I belong to:

PROFESSIONAL ORGANIZATIONS:

Association for Computing Machinery

Chicago Chapter of the Internet Society

(President and Founder)

Data Center Professionals Network

EC Council

Electronic Frontier Foundation

Federal IT Security Institute

IEEE Computer Society

Institute for Data Center Professionals, Charter Member and Newsletter Editor

International Information Systems Security Certification Consortium, Inc., (ISC)²

International Society for Auditing and Control Association (ISACA) - Member

Internet Society, Supporting Member

Microsoft Alumni Network

Microsoft Partner Program

Microsoft Developer Network

The Planetary Society

Project Management Institute

Triton College Advisory Board Member

Uptime Institute

--- > If your answer depends upon the type of job, include that information.

If a person’s job demands one or more certifications, then that person certainly needs to get busy.

Final comments about certifications:

1) Thanks to a lot of respectable certifications and a good resume and education, I get about 15 to 20 job offers via education and e-mail, every Monday through Friday.

2) If you have a website or a LinkedIn.com profile, having certifications will definitely help your ranking in the search engines. To see what I mean, search on these strings using Google:

Pmp cissp Chicago

Also check this page out and see the most popular pages at my website, BILLSLATER.com:

http://billslater.com//webstats

3) No one should pursue certifications that have additional requirements for continuing professional education (CPE) unless they are willing to put forth the time, energy, and money to actually pursue the CPEs to keep the certification(s) current. I have four current certifications that require these CPEs:

CISSP
SSCP
PMP
CISA

4) The most shocking thing to me about certifications is how much people have ridiculed me for pursuing certifications and how many jealous people will publicly and privately trash talk me for being driven to reach these achievements. I really think that people should mind their own business and keep their negative opinions to themselves. I am not hurting anyone by pursuing endeavors that help my career (http://billslater.com/career). Maybe they need to get busy and get a life, some certifications and their own website.

When I graduated from high school in May 1973, I had eight scholarships and I attended Memphis State University and earned a four year Bachelor of Science in Engineering Technology degree with a major in Computer Systems Technology in May 1977. I don’t think there is anything wrong with being achievement oriented and I think people who engage in negative behaviors toward me regarding my intelligence, certifications, and technical abilities are usually guilty of repeatedly breaking the 9th and 10th Commandments of the original Ten Commandments and that one day, in some way, they will have to answer to God for all the ways they have tried to hurt me.

But until that day, I’ll just be getting more education and certifications, and they can pursue their own path, whatever that is.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Best regards,

Bill
William Favre Slater, III, PMP
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
Group 2
CIS 608 Blog: http://cis608.blogspot.com
http://billslater.com/career
Chicago, IL


Monday, November 7, 2011

Post 059 - CIS 608



A Real Automation Integration Nightmare: Can Hackers Release Prisoners from California Prisons?

The articles below explain the probability of Hackers being able to break into the computer systems and networks that control the release mechanisms that lock the doors in California Prisons. This further highlights the need for strong leadership, policies, and efforts in sound Information Security Management.


===========================================
William Favre Slater, III, MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
http://billslater.com/career
Chicago, IL
United States of America




Sunday, November 6, 2011

Post 058 - CIS 608



USA PATRIOT ACT
and Its Effect on the American People

Many of you may be unaware of the USA PATRIOT ACT that was passed in October 2001 as a quick response to the terrorist attacks of September 11, 2001. This post explains some facts that you need to know about the USA PATRIOT ACT and how it changed the freedoms that the Founding Fathers tried to provide for the citizens of this country when they first wrote and ratified the Constitution of the United States and the first 10 Amendments, commonly known as the Bill of Rights.

USA PATRIOT ACT essentially nullified 5 of the first 10 Amendments to the U.S. Constitution.
Many citizens feel strongly that the powers now granted to the Executive branch of government and its agents are in direct conflict with the 1st, 4th, 5th, 6th and 8th Amendments in the Bill of Rights to the U.S. Constitution (see Bill of Rights, below). In other words, we now live in such times that many of the rights to privacy that we thought we were guaranteed under the U.S. Constitution are now preempted, at least temporarily, by the PATRIOT Act. In fact, the only way that the PATRIOT Act could be successfully passed in both chambers of Congress was to include a “Sunset Clause,” which caused many of the more far-reaching provisions of the Act to expire automatically, unless they were again reviewed and approved by both chambers of Congress. Though there was a “Sunset Clause,” the PATRIOT Act has now been renewed TWICE, once under President Bush and once under President Obama.

= = = = = = = = = = = = = = = = = = = = = = = = = = = =
Bill of Rights – First 10 Amendments to the U.S. Constitution

ARTICLES IN ADDITION TO, AND AMENDMENTS OF, THE CONSTITUTION OF THE UNITED STATES OF AMERICA, PROPOSED BY CONGRESS, AND RATIFIED BY THE LEGISLATURES OF THE SEVERAL STATES, PURSUANT TO THE FIFTH ARTICLE OF THE ORIGINAL CONSTITUTION

Article [I.]
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Article [II.]
A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

Article [III.]
No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.

Article [IV.]
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Article [V.]
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Article [VI.]
In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the Assistance of Counsel for his defence.

Article [VII.]
In Suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise re-examined in any Court of the United States, than according to the rules of the common law.

Article [VIII.]
Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.

Article [IX.]
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Article [X.]
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

======================================

William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager

Chicago, IL
United States of America