
Seattle 2013

Seattle, WA | Mon, Oct 7 - Mon, Oct 14, 2013
This event is over, but there are more training opportunities.


Please note that early bird discounts do not apply to Hosted courses.

High Tech Crimes and Insider Threats

You Will Learn:

  • The types of high tech crimes and how to recognize them.
  • How to build policies that will allow your organization to effectively investigate suspicious activities.
  • How to assess risk of insider threats, and build mitigating controls.
  • How to conduct a basic investigation without destroying critical evidence.
  • How to work with Law Enforcement to reduce the business impact of criminal investigations.

Course Syllabus

Bobby Kuzma
Sun Oct 13th, 2013
9:00 AM - 5:00 PM

CPE/CMU Credits: 6

  • Threat landscape
  • All about insiders and the threats they pose
  • Warning Signs: What to look for
  • Incident Response: A Policy approach
  • Investigation Concepts
  • Working with Law Enforcement
  • Investigation Tools

Bobby Kuzma
Mon Oct 14th, 2013
9:00 AM - 5:00 PM

CPE/CMU Credits: 6

  • Incident Response Scenarios
  • Detection and Mitigation Strategies
  • Evidence Collection 101
  • Basic Evidence Analysis
  • Special issues with Insiders

Additional Information

Laptop not required, but strongly suggested. Supplementary materials will require a Windows-based workstation or VM.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

  • Systems and Network Administrators
  • Internal Auditors and Investigators
  • Information Security Policy Professionals

  • Have familiarity with basic information security concepts
  • Have basic understanding of network engineering
  • Have basic understanding of system administration for Windows computers

  • Downloadable forensic images containing examples of common nefarious insider activity and crime activity.
  • Demo licenses for software used in the examples.
  • A printed class manual

  • Help your organization define its high-risk areas for insider threats.
  • Design detection methods for illicit insider access.
  • Build a best practices policy for incident response.
  • Implement policies for working with local law enforcement resources.
  • Safely and correctly collect electronic evidence.
  • Perform basic analysis of electronic evidence.
  • Work successfully with local law enforcement.
  • Brief stakeholders on current and foreseeable threats.