LEG523: Law of Data Security and Investigations

About the course

New law on privacy, e-discovery and data security is creating an urgent need for professionals who can bridge the gap between the legal department and the cybersecurity team. SANS LEG523 provides this unique professional training, including skills in the analysis and use of contracts, policies, and records management procedures.

What You Will Learn

  • New: The rising influence of the EU's General Data Protection Regulation (GDPR) in the interpretation of cybersecurity law in the US and around the world
  • New: Compliance at a time when the operations of some enforcers, like courts, are delayed or curtailed due to the pandemic
  • New: Facing a cyber crisis? File a lawsuit in the courts of another country.
  • New: The arrest and criminal indictment of two Coalfire penetration testers in Iowa
  • New: How to balance the right to data privacy versus the right to data security under GDPR and the new California Consumer Privacy Act
  • New: Invoking attorney-client privilege to maintain confidentiality of security assessments such as penetration tests
  • New: Video demonstration of how a technical expert witness can handle adversarial cross-examination in a live online court hearing
  • New: Creative insertion of terms, comments, and conditions in blockchain to influence commercial relationships such as contracts for technology services

New law on privacy, e-discovery, and data security is creating an urgent need for professionals who can bridge the gap between the legal department and the cybersecurity team. SANS LEG523 provides this unique professional training, including skills in the analysis and use of contracts, policies, and insurance security questionnaires.

This course covers the law of crime, policy, contracts, liability, compliance, cybersecurity, and active defense - all with a focus on electronically stored and transmitted records. It also teaches investigators how to prepare credible, defensible reports, whether for cyber crimes, forensics, incident response, human resource issues, or other investigations.

The Global Information Assurance Certification (GLEG) associated with LEG523 demonstrates to employers that you have absorbed the sophisticated content of this course and are ready to put it to use. This coveted GIAC certification distinguishes any professional - whether a cybersecurity specialist, auditor, lawyer, or forensics expert - from the rest of the pack. It also strengthens the credibility of forensics investigators as witnesses in court and can help a forensics consultant win more business. And the value of the certification will only grow in the years to come as law and security issues become even more interconnected.

The course also provides training and continuing education for many compliance programs under information security and privacy mandates such as GLBA, HIPAA, FISMA, GDPR, and PCI-DSS.

Each successive day of this five-day course builds upon lessons from the earlier days in order to comprehensively strengthen your ability to help your public or private sector enterprise cope with illegal hackers, botnets, malware, phishing, unruly vendors, data leakage, industrial spies, rogue or uncooperative employees, or bad publicity connected with cybersecurity. We cover topical stories, such as Home Depot's legal and public statements about its payment card breach, and lawsuits against QSA security vendor Trustwave filed by cyber insurance companies and credit card issuers (third parties with which Trustwave had no relationship!).

Recent updates to the course address hot topics such as legal tips on confiscating and interrogating mobile devices, the retention of business records connected with cloud computing and social networks like Facebook and Twitter, and analysis and response to the risks and opportunities surrounding open-source intelligence gathering.

Over the years this course has adopted an increasingly global perspective. Professionals from outside the United States attend LEG523 because there is no training like it anywhere else in the world. For example, a lawyer from the national tax authority in an African country took the course because electronic filings, evidence, and investigations have become so important to her work. International students help the instructor, U.S. attorney Benjamin Wright, constantly revise the course and include more content that crosses borders.

Recently Mr. Wright taught LEG523 in Singapore to a classroom of students representing numerous countries, diverse organizations and many different professions. The students gave the course high marks because it teaches generic, timeless lessons applicable around the world.

One thing that sets this course apart is its emphasis on ethics. The course teaches practical lessons on ethical performance by cyber defenders and digital investigators.


  • Choose words for better legal results in policies, contracts, and incidents
  • Implement processes that yield defensible policies on security, e-records, and investigations
  • Reduce risk in a world of vague laws on cyber crime and technology compliance
  • Carry out investigations so that they will be judged as ethical and credible
  • Persuade authorities that you and your organization responded responsibly to cybersecurity, privacy, and forensic challenges.


  • Work better with other professionals at your organization who make decisions about the law of data security and investigations
  • Exercise better judgment on how to comply with privacy and technology regulations, both in the United States and in other countries
  • Evaluate the role and meaning of contracts for technology, including services, software, and outsourcing
  • Help your organization better explain its conduct to the public and to legal authorities
  • Anticipate cyber law risks before they get out of control
  • Implement practical steps to cope with technology law risk
  • Better explain to executives what your organization should do to comply with information security and privacy law
  • Better evaluate technologies, such as digital archives and signatures, to comply with the law and serve as evidence
  • Make better use of electronic contracting techniques to get the best terms and conditions
  • Exercise critical thinking to understand the practical implications of technology laws and industry standards (such as the Payment Card Industry Data Security Standard).

GIAC Law of Data Security & Investigations

The GIAC Law of Data Security & Investigations (GLEG) certification validates a practitioner’s knowledge of the law regarding electronically stored and transmitted records. GLEG certification holders have demonstrated knowledge of the law of fraud, crime, policy, contracts, liability, IT security, and active defense.

  • Business Policies and Compliance, Contracts and Third Party Agreements

  • Data Retention and E-Discovery, Fraud and Misuse

  • Intellectual Property, Privacy and PII


Start date     Location / delivery
28 Jun 2021    Online
12 Jul 2021    Online