LEG523: Law of Data Security and Investigations

A session at SANS Houston 2016

New law on privacy, e-discovery and data security is creating an urgent need for professionals who can bridge the gap between the legal department and the IT department. SANS LEG523 provides this unique professional training, including skills in the analysis and use of contracts, policies and records management procedures. This course covers the law of business, contracts, fraud, crime, IT security, liability and policy - all with a focus on electronically stored and transmitted records. It also teaches investigators how to prepare credible, defensible reports, whether for cyber crimes, forensics, incident response, human resource issues or other investigations. GIAC certification through LEG523 demonstrates to employers that you not only attended classes, but studied and absorbed the sophisticated content of this course. Certification distinguishes any professional - whether an IT expert, auditor, lawyer, or forensics expert. The value of certification will only grow in the years to come as law and security issues become even more interconnected. The course also provides training and continuing education for many compliance programs under information security and privacy mandates such as GLBA, HIPAA, FISMA, and PCI-DSS. In addition, LEG523 is associated with the coveted GLEG certification, which strengthens the credibility of forensics investigators as witnesses in court and can help a forensics consultant win more business. Each successive day of this five-day course builds upon lessons from the earlier days in order to comprehensively strengthen your ability to help your enterprise (public or private sector) cope with illegal hackers, botnets, malware, phishing, unruly vendors, data leakage, industrial spies, rogue or uncooperative employees, or bad publicity connected with IT security. We will cover breaking stories ranging from Home Depot's legal and public statements about payment card breach to the lawsuit by credit card issuers against Target's QSA and security vendor, Trustwave. Recent updates to the course address hot topics such as legal tips on confiscating and interrogating mobile devices, the retention of business records connected with cloud computing and social networks like Facebook and Twitter, and analysis and response to the risks and opportunities surrounding open-source intelligence gathering. Over the years this course has adopted an increasingly global perspective. Non-US professionals attend LEG523 because there is no training like it anywhere else in the world. For example, a lawyer from the national tax authority in an African country took the course because electronic filings, evidence and investigations have become so important to her work. International students help the instructor, U.S. attorney Benjamin Wright, constantly revise the course and include more content that crosses borders.

About the speaker

This person is speaking at this event.
Benjamin Wright

SANS law training | attorney | privacy, spying, e-discovery, e-commerce, cyber defense, hidden camera, computer investigation, forensics, subpoena bio from Twitter

Sign in to add slides, notes or videos to this session

Tell your friends!


Date Mon 9th May 2016

Short URL


Official session page


View the schedule


See something wrong?

Report an issue with this session