The most trusted source for computer security training, certification and research.

select a course
Washington, DC - December 11 - 18, 2009
Global Information Assurance Certification

If you want to be a technology and security leader, this is the course for you!
-Andrew Longsworth, Priscoll's

LEGAL 523

Legal Issues in Information Technology and Information Security

Friday, December 11, 2009 - Tuesday, December 15, 2009
Benjamin Wright, SANS Senior Instructor
6 CPE Credits Per Day

New law on privacy, e-discovery, and data security is creating an urgent need for professionals who can bridge the gap between the legal department and the IT department. The needed professional training is uniquely available in SANS' LEG523 series of courses, including skills in the analysis and use of contracts, policies, and records management procedures.

GIAC certification under LEG523 demonstrates to employers that a professional has not only attended classes, but studied and absorbed the sophisticated content of these courses. Certification distinguishes any professional, whether an IT expert, an auditor, a paralegal, or a lawyer, and the value of certification will grow in the years to come as law and security issues become even more interlocked.

This course covers the law of business, contracts, fraud, crime, IT security, IT liability and IT policy -- all with a focus on electronically stored and transmitted records. LEG 523 is a five-day package delivering the content of the following one-day courses:

  • LEG417: Fundamentals of IT Security Law and Policy
  • LEG416: E-Records, E-Discovery and Business Law
  • LEG412: Contracting for Data Security
  • LEG413: The Law of IT Compliance: How to Conduct Investigations
    • Lessons will be invaluable to the legal and ethical execution of any kind of cyber or internal investigation or incident response.
  • LEG425: Applying Law to Emerging Dangers: Cyber Defense
    • In-depth review of legal response to the major security breach at TJX.
    • Learn how to incorporate effective public communications into your cyber security program.

These five days of integrated education — where each successive day builds upon lessons from the earlier day(s) — will help any enterprise (public or private sector) cope with such problems as hackers, botnets, malware, phishing, unruly vendors, data leakage, industrial spies, rogue or uncooperative employees and bad publicity connected with IT security.

Recent updates to the courses address hot topics such as investigations and business records retention connected with social networks like Facebook and Twitter.

Who should attend:

  • Investigators
  • Security and IT professionals
  • Lawyers
  • Paralegals
  • Auditors
  • Accountants
  • Technology Managers
  • Vendors
  • Compliance officers
  • Law enforcement

Ben's insight into legal issues and teaching style makes this potentially dry material exciting. His stories and examples add to the printed material
-Karl Kurrle, Golf Savings Bank

Author Statement

These are five intense days covering the rapid development of law at the intersection of IT and security. Be prepared for insights and tips you've not heard before.

--Benjamin Wright

The best guy in the country on these issues is Ben Wright. -Stephen H. Chapman, Principal and CEO, Security Advisers, LLC, and student in Mr. Wright's SANS legal training