This course covers the law of business, contracts, fraud, crime, IT security, IT liability and IT policy -- all with a focus on electronically stored and transmitted records. LEG 523 is a four-day package delivering the content of the following one-day courses:

• LEG 417 (Legal Issues in Information Security: InfoSec)
• LEG 416 (Business Law and Computer Security)
• LEG 412 (Contracting for Data Security)
• LEG 413 (The Law of Fraud)

See the description for each of these four one-day courses for detailed outlines and statements of course content.

Who should attend:

• Security and IT professionals
• Lawyers
• Paralegals
• Auditors
• Accountants
• Technology Managers
• Vendors

In this introduction to Law and IT, students survey information technology and the general legal issues that must be addressed in establishing best InfoSec practices. The course covers computer crime and intellectual property laws when a network is compromised as well as emerging topics of honeypots, active defenses, i.e., enterprises hacking back against hackers, due care and will have a grasp of how this will affect future technologies. A key goal is to help professionals factor in legal concerns when they draft enterprise IT security policies.

The course will close with a lab on the drafting of IT security policies from a legal perspective. Students will try their hand a drafting the outlines of a policy for their enterprise.

Transactions that used to be conducted on paper are now done electronically. So now, commercial law applies to computer security. The IT function within an enterprise has become the custodian of the enterprises business records.

The control and security of information systems now affects the formation of contracts, proof of legal commitments and liability for wrongdoing. You will learn about the laws governing the day-to-day business of a corporation or government entity, as those laws apply to the protection of information and computer systems. The course will introduce emerging problems, such as liability for privacy breaches and the problems of disclosing homeland security information to government, and will suggest specific action items for you to take back to your job. Participants will examine many actual court cases.

This course is focused on the essentials of contract law sensitive to the current legislative requirements. Compliance with many of the new data security laws requires contracts. Because IT pulls together the products and services of many vendors, consultants and outsourcers, enterprises need appropriate contracts to comply with Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, EU Data Directive, California Senate Bill 1386 and others.

When appropriate, this course leaves the student with practical steps and tools to be applied in his or her enterprise. It includes a lab at the end of the day to help students learn about writing contract-related documents relevant to their professional responsibility. Students will learn the language of common IT contract clauses to learn the meaning of and issues surrounding those clauses and become familiar with specific legal cases to show how different disputes have resolved in litigation.

The Sarbanes-Oxley Act, which was adopted as a reaction to the commission of fraud at Enron, is forcing companies to tighten all controls, top to bottom. Fraud is now a focus of IT. Students learn what fraud is, where it occurs, what the law says about it, and how it can be avoided and remedied.

Students become familiar with actual fraud cases, especially those involving IT. The purpose is to acquaint the student with the range of modern business crimes, whether committed by executives, employees, suppliers or whole companies.