Law of Data Security & Investigations Review (GLEG) LEG523

AnthonyF Member Posts: 109
I promised a review of the SANS GLEG Law of Data Security and Investigations Course in Vegas last month. Ladies and gents, here it is…
I hope it will provide some insight into this particular course.
It was my first SANS course. I will spare you the explanation of that as JD did a great write up for his 401 course attendance. Snacks are great… Vegas is evil.

I went to this course for a couple of reasons. The first reason is that this is one of the domains for ISSMP and I am taking that later on this month. The whole 2 birds with one stone thing. The second and work-related reason is that I have to re-architect my organization's privacy policy and develop a reproducible compliance program and auditing template/package. I hoped this class would shed a different light on the subject for me.

The classroom makeup was diverse. I was in the class with CEOs, CISO, CSO, Chief Counsel for an FBI Office along with several lawyers and security administrators.

The class was amazing and the instructor Ben Wright is excellent. Class presentation was loose and dynamic; we were never tied to the slides, only as a point of reference. We did discuss the laws quite a bit but everything was in the form of discussion. Nothing dry or repetitive. Learning took place in the form of vignettes which really brought out the learning points. It is a class aimed at managers who need to know not only the impact of the laws but the perception of compliance and the importance of that perception.

The most important lesson is that you may be legally right. But it is the court of public opinion that counts the most. Be honest about everything. The law hates incomplete truths or answers. It feeds the mob or your state AG.

This class was beyond anything I expected and was a true learning experience. If you work with policy, compliance or just want a higher level of understanding of the black and white laws this class is for you.
I am pushing to make this class a part of the professional development curriculum for managers within my organization. It is truly money well spent.

I encourage you all to go. There is nothing complex about the material. I did not go because I was unfamiliar with the laws. But there is a difference between training and education. This course will build upon your preexisting knowledge and take you to that next level.
On a side note you only get the full effect from going in person. I do not recommend taking this class by any other method.

Table of Contents = None? Really? Forcing me to do a TOC for reference is kind of kindergarten. I can read and retain without that. If I do not study and learn the material shame on me I lose 5K (well my employer). I am sure there is much debate on that. But I do not see the value of withholding the TOC. Maybe it is the SANS thing just like the six week wait was an ISC2 thing.

10 days to take the test? I understand the brain ****/pump and **** argument but in contrast who knows as much about anything the day before they take an exam? I mean it is already open book. Who are we kidding here? Don’t we all cram before an exam? No matter how well we know the subject.
I do get the whole it takes time to get it all worked out response. There are a hell of a lot of people at those things. If that is the reason then more power to them. I guess those are the only negatives.

I will be at the San Diego event for FOR 408. Anyone else headed there?

If you have specific questions about the course let me know and I will do my best to get you an answer.
Just my 2 cents.


  • docrice Member Posts: 1,706
    Thanks for the review. A co-worker of mine was at that conference and took 560. Having been in that town back in July for Black Hat / DEF CON and then will be again this month for another conference, I opted to not do training in Vegas. LEG-523 always looked interesting though and considering that legal talks at security conferences are extremely interesting (and usually well-presented), I'm slightly entertaining the idea of taking this class one day. Not sure if I can sit through a week of it though.

    I'm sure the big value-add was the in-class discussions since you can't get that dynamic through OnDemand.
  • AnthonyF Member Posts: 109
    I agree. In person is the way to go. I was worried myself about a week long of Law but surprisingly it flew by without dragging too much until the last day. Long days and nights full of indexing and making a Table of Contents wears you down after a while.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,945
    Thanks for the great review! I know a few director-level people that I will be sending the link to your post.

    I think the SANS 10-day wait is partly so the SANS training classes cannot be called cram classes for GIAC exams or "cert mills" for GIAC certs. Also, it is partly to allow SANS and GIAC time to coordinate administrative paperwork between the two organizations. Like the (ISC)2, SANS and GIAC are very small organizations personnel-wise. Only a few people are responsible for processing the needs of thousands of customers at any moment in time. Hiring more people wouldn't necessarily eliminate all of the bottlenecks either.
  • paul78 Member Posts: 3,016
    Hi Anthony - I am curious if you think if the materials provided (books and MP3) by itself would be sufficient value for the expense of a GIAC course. I had been toying with the idea of getting the self-study materials.

    But my experience with GIAC courses are that the materials tend to be very high-level. I am familiar with 3 of six exam objectives (PII, Policies and Compliance, Contract Agreements) so I was wondering about the in-depth they get.

    Also - with the PII section - is it US focused or does it delve into EU Privacy Directives?

  • AnthonyF Member Posts: 109
    I do not think that the books and mp3's are of sufficient value. The true value is interacting with the instructor and other class attendees. Most of the class is focused on case studies and discussion amongst the students.

    The books do not get very in-depth. But the in-class discussions do. In regard to EU and other course focus areas. It covers them all from a US and international perspective (when applicable). The discussions are based on the case laws, precedents and factors in these decisions. Mr Wright teaches all over the world and brings the lessons learned from France, UK, Germany and others into the discussion.

    One of the benefits of being there is that you get to steer the conversation into your particular area of interest.

    Here are a couple of his links and blogs.

    Electronic Data Records Law | How to Win E-Discovery

    I recommend taking the course in person.

    Hope this helps! If I missed any of your points or if you have any other questions let me know.

  • AlexNguyen Member Posts: 359
    AnthonyF wrote: »
    I will be at the San Diego event for FOR 408. Anyone else headed there?
    I did the old OnDemand FOR 408 course. If you're already an experienced Windows desktop admin, you won't learn much on the technical part of that course. I would aim for the FOR 508 course or the EC-Council CHFI course. Law of data security is interesting but it's different from each country. I'm sitting on an introduction to digital evidence course this term, at a local university. It's taught by two LEO and there are a few lawyers in the class, as well as a policeman. The two LEO have more than 25 years of experience each and they talked about real cases that happened. They showed pictures of some real evidence, crime scenes, their locals, their equipment, how to deal in court, etc. It's very interesting.
    Knowledge has no value if it is not shared.
    Knowledge can cure ignorance, but intelligence cannot cure stupidity.
  • AnthonyF Member Posts: 109
    I have looked around regarding the FOR 408/508 and I am coming around to your line of thought. I think I am going to call SANS and switch the course to 508 on Tuesday.

    Thanks for the input.