Seattle 2013

Seattle, WA | Mon, Oct 7 - Mon, Oct 14, 2013
 

High Tech Crimes and Insider Threats

You Will Learn:

  • The types of high tech crimes and how to recognize them.
  • How to build policies that will allow your organization to effectively investigate suspicious activities.
  • How to assess risk of insider threats, and build mitigating controls.
  • How to conduct a basic investigation without destroying critical evidence.
  • How to work with Law Enforcement to reduce the business impact of criminal investigations.

Course Syllabus
Course Contents | Instructors | Schedule
  HST.1: Introduction and Concepts | Bobby Kuzma | Sun Oct 13th, 2013, 9:00 AM - 5:00 PM

CPE/CMU Credits: 6

Topics
  • Threat landscape
  • All about insiders and the threats they pose
  • Warning Signs: What to look for
  • Incident Response: A Policy approach
  • Investigation Concepts
  • Working with Law Enforcement
  • Investigation Tools

 
  HST.2: Putting it all together | Bobby Kuzma | Mon Oct 14th, 2013, 9:00 AM - 5:00 PM

CPE/CMU Credits: 6

Topics
  • Incident Response Scenarios
  • Detection and Mitigation Strategies
  • Evidence Collection 101
  • Basic Evidence Analysis
  • Special issues with Insiders

 
Additional Information
 
  Laptop Recommended

A laptop is not required, but is strongly suggested. Supplementary materials will require a Windows-based workstation or VM.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

 
  Who Should Attend
  • Systems and Network Administrators
  • Internal Auditors and Investigators
  • Information Security Policy Professionals

 
  Prerequisites
  • Have familiarity with basic information security concepts.
  • Have a basic understanding of network engineering.
  • Have a basic understanding of system administration for Windows computers.

 
  What You Will Receive
  • Downloadable forensic images containing examples of common nefarious insider activity and crime activity.
  • Demo licenses for software used in the examples.
  • A printed class manual.

 
  You Will Be Able To
  • Help your organization define its high risk areas for insider threats.
  • Design detection methods for illicit insider access.
  • Build a best practices policy for incident response.
  • Implement policies for working with local law enforcement resources.
  • Safely and correctly collect electronic evidence.
  • Perform basic analysis of electronic evidence.
  • Work successfully with local law enforcement.
  • Brief stakeholders on current and foreseeable threats.