LEG523: Law of Data Security and Investigations
Before developing any Incident Response or investigation process this class is a must. Ben does a great job getting into the heads of lawyers.
Eliot Irons, Solutionary
This course was an eye opener to the various legal issues in data security. Practices I will use when back in office.
Albertus Wilson, Saudi Aramco Guard
* New for live delivery 2015: Sony Pictures' alleged denial of service attack on sites dumping its stolen corporate data.
* New for live delivery as of October 2014: Home Depot's legal and public statements about payment card breach.
* New legal tips on confiscating and interrogating mobile devices.
* New for live delivery as of January 2014: The public response by retailer Target to a major payment card security incident.
* New for live delivery as of April 2014: Course covers lawsuit by credit card issuers against Target's QSA and security vendor, Trustwave.
New law on privacy, e-discovery and data security is creating an urgent need for professionals who can bridge the gap between the legal department and the IT department. SANS LEG523 provides this unique professional training, including skills in the analysis and use of contracts, policies and records management procedures.
This course covers the law of business, contracts, fraud, crime, IT security, liability and policy - all with a focus on electronically stored and transmitted records. It also teaches investigators how to prepare credible, defensible reports, whether for cyber crimes, forensics, incident response, human resource issues or other investigations.
GIAC certification through LEG523 demonstrates to employers that you not only attended classes, but studied and absorbed the sophisticated content of this course. Certification distinguishes any professional - whether an IT expert, auditor, lawyer, or forensics expert. The value of certification will only grow in the years to come as law and security issues become even more interconnected.
The course also provides training and continuing education for many compliance programs under information security and privacy mandates such as GLBA, HIPAA, FISMA, and PCI-DSS. In addition, LEG523 is associated with the coveted GLEG certification, which strengthens the credibility of forensics investigators as witnesses in court and can help a forensics consultant win more business.
Each successive day of this five-day course builds upon lessons from the earlier days in order to comprehensively strengthen your ability to help your enterprise (public or private sector) cope with illegal hackers, botnets, malware, phishing, unruly vendors, data leakage, industrial spies, rogue or uncooperative employees, or bad publicity connected with IT security. We will cover breaking stories ranging from Home Depot's legal and public statements about payment card breach to the lawsuit by credit card issuers against Target's QSA and security vendor, Trustwave.
Recent updates to the course address hot topics such as legal tips on confiscating and interrogating mobile devices, the retention of business records connected with cloud computing and social networks like Facebook and Twitter, and analysis and response to the risks and opportunities surrounding open-source intelligence gathering.
Over the years this course has adopted an increasingly global perspective. Non-US professionals attend LEG523 because there is no training like it anywhere else in the world. For example, a lawyer from the national tax authority in an African country took the course because electronic filings, evidence and investigations have become so important to her work. International students help the instructor, U.S. attorney Benjamin Wright, constantly revise the course and include more content that crosses borders.
You Will Learn:
- How to choose words for better legal results in policies, contracts and incidents.
- How to implement processes that yield defensible policies on security, e-records and investigations.
- How to reduce risk in a world of vague laws on cyber crime and technology compliance.
- How to carry out investigations so that they will be judged as ethical and credible.
- How to persuade authorities that you and your organization responded responsibly to information security, privacy and forensic challenges.
|LEG523.1: Fundamentals of IT Security Law and Policy|
The first day is an introduction to law and IT that serves as the foundation for discussions during the rest of the course. We survey the general legal issues that must be addressed in establishing best information security practices, then canvass the many new laws on data security and evaluate information security as a field of growing legal liability. We will cover computer crime and intellectual property laws when a network is compromised, as well as emerging topics such as honeypots and active defenses, i.e., enterprises hacking back against illegal hackers. We will look at the impact of future technologies on law and investigations in order to help students factor in legal concerns when they draft enterprise IT security policies. For example, students will debate what the words of an enterprise policy would mean in a courtroom. The course also dives deep into the legal question of what constitutes a "breach of data security" for purposes of notifying others about it or for other purposes. The course includes a case study on the drafting of policy to comply with the Payment Card Industry Data Security Standard (PCI).
CPE/CMU Credits: 6
|LEG523.2: E-Records, E-Discovery and Business Law|
IT professionals can advance their careers by upgrading their expertise in the hot fields of e-discovery and cyber investigations. Critical facets of those fields come forward in course day two. We will focus on the use of computer records in disputes and litigation, with a view to teaching students how to manage requests to turn over e-records to adversaries (i.e. e-discovery), how to manage implementation of a "legal hold" over some records to prevent their destruction, and how to coordinate with legal counsel to develop workable strategies to legal challenges.
Transactions that used to be conducted on paper are now done electronically, so commercial law now applies to computer security. The IT function within an enterprise has become the custodian of an enterprise's business records. You will learn how to craft sound policy for the retention and destruction of electronic records like email, text messages, and social networking interactions. We will provide methods for balancing the competing interests in electronic records management, including costs, risks, security, regulations and user cooperation.
Law and technology are changing quickly, and it is impossible for professionals to comprehend all the laws that apply to their work. But they can comprehend overarching trends in law, and they can possess a mindset for finding solutions to legal problems. A key goal of this course day is to equip students with the analytical skills and tools to address technology law issues as they arise, both in the United States and around the world.
The course is chock full of actual court case studies dealing with privacy, computer records, digital evidence, electronic contracts, regulatory investigations, and liability for shortfalls in security. The purpose of the case studies is to draw practical lessons that students can take back to their jobs.
CPE/CMU Credits: 6
|LEG523.3: Contracting for Data Security and Other Technology|
Day three focuses on the essentials of contract law sensitive to the current legislative requirements for security. Compliance with many of the new data security laws requires contracts. Because IT pulls together the products and services of many vendors, consultants, and outsourcers, enterprises need appropriate contracts to comply with Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, EU Data Directive, data breach notice laws and other regulations.
The course provides practical steps and tools that students can apply to their enterprises and includes a lab on writing contract-related documents relevant to the students' professional responsibilities. You will learn the language of common IT contract clauses and the issues surrounding those clauses, and become familiar with specific legal cases that show how different disputes have been resolved in litigation.
Recognizing that enterprises today operate increasingly on a global basis, the course teaches cases and contract drafting styles applicable to a multinational setting.
Contracts covered include agreements for software, consulting, nondisclosure, application services, penetration testing, and private investigation services. Special emphasis is applied to cloud computing issues. Students will also learn how to exploit the surprising power of informal contract records and communications.
CPE/CMU Credits: 6
|LEG523.4: The Law of IT Compliance: How to Conduct Investigations|
Information security professionals and cyber investigators operate in a world of ambiguity, rapid change, and legal uncertainty. To address these challenges, this course day presents methods to analyze a situation and then act in a way that is ethical and defensible and reduces risk. Lessons will be invaluable to the effective and credible execution of any kind of investigation, be it internal, government, consultant, security incident, or any other. The lessons also include methods and justifications for maintaining the confidentiality of an investigation.
The course surveys white-collar fraud and other misbehaviors with an emphasis on the role of technology in the commission and prevention of that fraud. It teaches IT managers practical and case-study-driven lessons about the monitoring of employees and employee privacy.
IT is often expected to "comply" with many mandates, whether stated in regulations, contracts, internal policies or industry standards (such as PCI-DSS). This course teaches many broadly applicable techniques to help technical professionals establish that they and their organizations are in fact in compliance, or to reduce risk if they are not in perfect compliance. The course draws lessons from models such as the Sarbanes-Oxley Act.
As IT security professionals take on more responsibility for controls throughout an enterprise, it is natural that they worry about fraud, which becomes a new part of their domain. This day covers what fraud is, where it occurs, what the law says about it and how it can be avoided and remedied. Indeed, the primary objective of Sarbanes-Oxley is not to keep hackers out; it is to snuff out fraud inside the enterprise.
Scattered through the course are numerous descriptions of actual fraud cases involving IT. The purpose is to acquaint the student with the range of modern business crimes, whether committed by executives, employees, suppliers or whole companies. More importantly, the course draws on the law of fraud and corporate misconduct to teach larger and broader lessons about legal compliance, ethical hacking and proper professional conduct in difficult case scenarios.
Further, the course teaches how to conduct forensics investigations involving social, mobile and other electronic media.
CPE/CMU Credits: 6
|LEG523.5: Applying Law to Emerging Dangers: Cyber Defense|
Knowing some rules of law is not the same as knowing how to deal strategically with real-world legal problems. This day is organized around extended case studies in security law: break-ins, investigations, piracy, extortion, rootkits, phishing, botnets, espionage and defamation. The studies lay out the chronology of events and critique what the good guys did right and what they did wrong. The goal is to learn to apply principles and skills to address incidents in your day-to-day work.
The course includes an in-depth review of legal responses to the major security breaches at TJX, Target, and Home Depot, and looks at how to develop a Bring Your Own Device (BYOD) policy for an enterprise and its employees.
The skills learned are a form of crisis management, with a focus on how your enterprise will be judged in a courtroom, by a regulatory agency, or in a contract relationship. Emphasis will be on how to present your side of a story to others, such as law enforcement, Internet gatekeepers, or the public at large, so that a security incident does not turn into a legal fiasco.
In addition to case studies, the core material will include tutorials on relevant legislation and judicial decisions in such areas as privacy, negligence, contracts, e-investigations, computer crime and offensive countermeasures.
LEG523 is increasingly global in its coverage, so although this course day centers around U.S. law, non-U.S. law and the roles of government authorities outside the United States will be examined, as well.
CPE/CMU Credits: 6
|Who Should Attend|
|Other Courses People Have Taken|
Other Courses People Have Taken
LEG523 complements SANS' rigorous digital forensics program. This course and the SANS digital forensics curriculum provide professional investigators an unparalleled suite of training resources.
|What You Will Receive|
|You Will Be Able To|
|Press & Reviews|
"LEG523 provides a great foundation and introduction into the legal issues involving cybersecurity." - Tracey Kinslow, TN Air National Guard
"The best guy in the country on these issues is Ben Wright." - Stephen H. Chapman, Principal and CEO, Security Advisers, LLC
"Ben Wright's insight into legal issues and teaching style makes this potentially dry material exciting. His stories and examples add to the printed material." - Karl Kurrle, Golf Savings Bank
"This course was an eye opener to the various legal issues in data security. Practices I will use when back in office." - Albertus Wilson, Saudi Aramco Guard
"Coming from an intense IT operations background, it was extremely valuable to receive an understanding of my security role from a legal point of view." - John Ochman, BD
Learn more about LEG523 from the author:
Check out the author's podcast:
Interested in the GLEG certification? Find out the benefits here: http://legal-beagle.typepad.com/security/2010/03/training.html
*CPE/CMU credits not offered for the SelfStudy delivery method