Computer Crime Training Overview
Understanding how to prevent and reduce computer related criminal activity is a great challenge in the 21st Century. Ease of access to communications and a changing technology topography, coupled with globalisation, have made the task of curbing the phenomenon more complex.
New threats and vulnerabilities are springing up at an exponential rate, and it is now widely recognised that in order to reduce the success of computer related crime there needs to be a drive by governments in conjunction with the private and academic sectors to make the general public aware of the pitfalls of using computers and communication systems in their work and home environments.
Across the globe, governments have adopted initiatives which they hope will help broaden user awareness of why it is paramount to adopt a computer crime awareness culture. The ultimate aim is to reduce the success of computer related criminal activity.
Examples of such measures include but are not limited to the following:
- Security awareness programs to make user groups aware of the need to be security conscious in their daily use of computer and communication equipment;
- Enactment of computer crime legislative frameworks;
- Development of bodies that will enforce legislation where it has been determined to have been breached;
- Establishment of security response centres to respond to computer crime threats and breaches;
- Development of international co-operation and knowledge exchange between governments, commercial and academic bodies to attain better understanding of how to deal with computer crime issues.
Of all the above methods, it is to be noted that training and awareness campaigns are the most effective means of getting the message across. As such, DataLaws has developed courses, which provide delegates the opportunity to understand the synergy between technology and law in the fight against computer related criminal activity.
The benefits of selecting DataLaws to provide these courses to your organisation include the following:
- Staff become aware of computer crime and information security issues, thus reducing exposure to common methods used by criminals to exploit weaknesses in your environment;
- Staff are able to put into practice what they have learnt thus increasing productivity;
- Staff morale and job satisfaction increase, leading to a reduction in staff turnover.
Let DataLaws train your staff on computer crime issues
Our Courses: DataLaws provides the following courses:
1. Reducing Exposure to Computer Related Crime: An Executive’s perspective to Information security governance
This three-day course provides executive and senior management with an understanding of the challenges in managing information security so as to curtail computer crime within their organizations. It exposes participants to knowledge, which would aid in understanding, identifying, and reducing exposure to information security and related breaches. It focuses on a top-down management approach, applicable information security laws and regulations, cost benefit analysis and also the tangible operational benefits of having an executive driven Information Technology Program.
Introduction
Senior management commitment to information security is beneficial to the success of any information security program, as research has identified it as the single most critical element of the program.
Organisations have become dependent on information and technology to meet and achieve business goals and objectives, thereby making information technology a strategic enabler. The identification, classification and protection of information assets has become a key element of organisational continuity and survival.
The course is provided in a different format due to the unique nature of its participants. It consists of lectures, interactive discussions, and workshops focusing on answering critical questions identified as key challenges for executive and senior management.
- Who needs to be involved in the running and decision making process of an information security program?
- What key activities are required to build an effective program?
- Why is a top-down management approach critical for success when investing in an information security program?
- What information security laws, regulations, standards and best practices are pertinent to my organisation?
- Where do I start or focus my attention in accomplishing my key goals?
- How do I ensure my organisation can continue to function effectively in the event of a major system failure?
- How do I evaluate the effectiveness and cost benefit/savings of my information security program?
Other relevant areas covered
- Highlight current computer attack methods
- Presenting benefits of deploying information security tools
- Raising forensic analysis awareness
- Importance of information asset identification and classification
- Business continuity planning, a key to survival in the digital age
Key Takeaways
On completion of this course, participants will be able to:
- Identify where to focus attention in accomplishing critical information security goals
- Acquaint themselves with information security laws, regulations, standards, and guidance needed to understand how to build an effective security program
- Recognise key activities for building an effective information security program
- Evaluate the effectiveness of an information security program
- Realise why they need to invest in information security
Target Audience
- Executives of Commercial and Government institutions
- Directors of Commercial and Government institutions
- Senior managers of Commercial and Government institutions
- Chief Technology Officers
- Chief Information Officers
- Chief Finance Officers
- Heads Of Legal
- Heads of Audit
- Heads of Human Resources
___________________________________________
2. Implementing Technology and Applicable Law To Combat Crime:
This comprises a five-day course, which outlines technical and legal issues used for curtailing computer related crime.
Overall course objective:
Familiarise participants with computer crime and how to reduce the risk by adopting industry standard information security practices and existing international information security and computer crime laws.
Key objectives
- Exposing current computer crime trends;
- Introducing security concepts (standards, policies, procedures and practices);
- Presenting benefits of deploying information security tools;
- Identifying international information security and computer crime legislation;
- Drafting practical information security policies;
- Raising forensic analysis awareness.
Key Takeaways
On completion of this course, participants will be able to:
- Understand risks and identify countermeasures to computer related crime;
- Gain foundation in international information security legislation;
- Acquire skills for a practical approach to handling information security incidents;
- Manage information security issues regarding 3rd parties;
- Identify issues relating to Data Protection;
- Tailor information security policies to meet their organisation's specific requirements;
- Understand technicalities of forensic investigations.
Target Audience
- Law enforcement and Government officials responsible for developing computer crime strategies;
- Legal practitioners who want to understand the synergy between information technology, information security and law;
- Individuals responsible for creating information technology legislation;
- Information technology and businesspersons who want to have a better understanding of computer crime, information security and law;
- Financial institutions officials responsible for defining, implementing and/or managing Information Technology;
- Information technology managers who want to know more about information security.
Course Outline: Day One:
Part 1
Computer Crime overview,
- The past 10 years;
- Examples of computer related crime;
- Introducing hacking methods
- Spyware and Cookies
- Phishing
- Spam
- Denial of service
Part 2
Information Security Basic Concepts
- Confidentiality, Integrity, Availability
- Information security risks, threats and vulnerabilities
- Information security policies;
- Information security standards;
- Information security practices;
- Information security staffing requirements;
- Common Mistakes;
- Round up.
Day Two:
Part 1
Information Security Standard Overview focus on ISO 27001
- Security Policy
- System Access Control
- Computer and Operational Management
- System Development and Maintenance
- Physical and Environmental Security
- Compliance
- Personnel Security
Part 2
- Security Organization
- Asset Classification and Control
- Business Continuity Management (BCM)
- Awareness Programs
- Group Exercise
Day Three:
Introduction to tools used for curtailing computer crime
Part 1
- Firewalls
- Intrusion Detection
- Monitoring
- Auditing
- Content Filtering
- Anti-Virus
- Penetration Testing
Part 2
- Port Scanning
- Network Scanning
- Application Scanning
- Hardening Operating systems
- Obligations for implementing security
- Access Control
- Encryption
Day Four:
Introduction to information security and computer crime legislation
- European Cybercrime Convention ETS No.185 (EU)
- Security Breach Notification legislation (US);
- Federal Information Security Management Act 2002 (US)
- Sarbanes-Oxley Act (Focusing on Section 404) (US);
- Gramm-Leach Bliley Act (US);
- Computer Misuse Act 1990 (UK);
- Regulation of Investigatory Powers Act 2000 (UK)
- Lawful Interception
Part 2
- Data Protection Act 1998 (UK);
- Personal Data Privacy and Security Act 2005 (US);
- Privacy of Communications Directive 2002/58/EC (EU);
- Data Retention issues;
- Nigerian Technology Law Review
- Sectoral laws or one law fits all?
- Contractual issues for Managing third parties
Day Five:
- Handling a security breach
- Sample incident handling policy
- Incident handling process
- Incident handling procedure
- Group Exercise
Part 2
- Forensic investigation: Introduction and Key Issues;
Round up & closing.
3. Data Protection and Information Security, in a Globalised World, Issues, Risks and Solutions:
This comprises a two-day course, which introduces participants to the challenges in managing personal data in global environments.
Overall course objective:
This course provides an opportunity for individuals tasked with handling personal data to understand and update their knowledge on current legal and technical trends for protecting personal information. The course combines exercises, real-life examples and encourages delegate participation to allow wider understanding of the issues.
Key objectives
- Identifying key aspects of data protection legislation;
- Expose practical trends for protecting personal data;
- Introducing non technical concepts (policies, procedures and processes);
- Presenting benefits of deploying information security tools;
- Raising Identity theft awareness;
- Familiarise participants with modern methods for safeguarding personal information within their organisations.
Key Takeaways
On completion of this course, participants will be able to:
- Understand risks and threats to personal information;
- Gain foundation in data protection legislation;
- Identify issues relating to identity theft;
- Tailor policies to meet data protection requirements.
Target Audience
- Government officials responsible for managing personal data;
- Individuals responsible for data protection strategies;
- Legal practitioners who want to understand the synergy between information technology, information security and data protection;
- In house lawyers;
- Information technology and businesspersons who want to understand issues surrounding personal information/identity theft;
- Financial institution officials responsible for managing customer personal information;
- Information technology managers who want to know more about protecting personal information.
Course Outline:
Day One:
Part 1
Personal Information Overview
- What is personal information?
- Personal information has value;
- How personal information is collected;
- Identity Theft, The growing problem?
- Information Breaches;
- Safeguarding personal Information;
Part 2
Data Protection Overview
- Why does personal data need to be protected;
- What is data protection;
- Data Protection Legislations;
- Data Protection Principles;
- Sharing personal data the issues;
- Round up Exercise.
Day Two:
Part 1
The Technical Issues
- Implementing appropriate security and technical controls;
- Access control why it is critical;
- Segregation of duties, a need to view basis;
- Benefits of enabling monitoring;
- Policies, processes and procedures;
Part 2
Organisational Issues
- Contracts;
- Training;
- Benefits of personal data awareness programs;
- How to handle a breach of personal information;
- Evidence issues and data preservation;
- Personal data and third parties;
- Real life cases involving information breaches, what we can learn;
- Round Up Exercise
___________________________________________
4. Information Security and the Law, What lawyers need to know:
This comprises a three-day course, which outlines legal and technical measures for curtailing computer related crime in commercial and government organisations.
Overall course objective:
Familiarise lawyers with computer crime methods, computer crime legislation and best practice information security and technical measures.
Key objectives
- Introducing security concepts (standards, policies, procedures and practices);
- Exposing current computer crime trends;
- Identifying international information security and computer crime legislation;
Key Takeaways
On completion of this course, participants will be able to:
- Understand current threats and vulnerabilities that may affect commercial organisations;
- Gain knowledge of international legislations relating to computer crime;
- Obtain ability to identify mechanisms for handling information security incidents;
- Acquire skills for identifying information security issues regarding 3rd parties;
- Understand technicalities of implementing security processes;
Target Audience
- In-house lawyers who want to understand their organisation's responsibility for implementing information security;
- Legal practitioners who want to understand the synergy between information technology, information security and law;
- Law enforcement and Government officials responsible for developing computer crime strategies;
- Individuals responsible for creating information technology legislation;
- Information technology managers who want to know more about information security and computer crime legislations.
Course Outline:
Day One:
Part 1
Information Security Overview,
- What is Information Security?
- Information Security Breaches and Their Effects
- Computer Crime Cases
- Organisational Responsibility
- Contractual Issues for Managing Third Parties;
- Role of in-house Lawyers
- Selling the Message
Part 2
Understanding Technical Measures
- Minimum Requirements
- ISO 27001 Overview;
- Process; Policies, Procedures
- Information Security Tools
- Auditing and Monitoring
- Exercise with delegate participation
- Round up
Day Two:
Part 1
Introduction to information security and computer crime legislation with case overview
- European Cybercrime Convention ETS No.185 (EU)
- Security Breach Notification legislation (US);
- Federal Information Security Management Act 2002 (US)
- Sarbanes-Oxley Act (Focusing on Section 404) (US);
- Gramm-Leach Bliley Act (US);
- Personal Data Privacy and Security Act 2005 (US);
Part 2
- Computer Misuse Act 1990 (UK);
- Data Protection Act 1998 (UK);
- Regulation of Investigatory Powers Act 2000 (UK)
- Privacy of Communications Directive 2002/58/EC (EU);
- Data Retention issues;
- Sectoral laws or one law fits all
- Exercise with delegate participation
Day Three:
Part 1
Delegate participation workshop
- Reviewing Information Security Policies;
- Handling an Information Security Incident;
Part 2
- Forensic Investigation: Introduction and Key Issues;
- Evidence Issues and Data Preservation;
- Round Up Review
- Closing
___________________________________________
5. Information Security Documentation (Policies, Procedures And Processes)
“The Complete Guide to Information Security Policies, Procedures and Processes”
This course provides an opportunity for security and compliance professionals to understand and update their knowledge on implementing information security policies, procedures and processes. The course combines exercises, real-life examples and participant interaction to allow delegates to understand the issues.
Overall course objective:
Familiarise participants with how to write meaningful and adequate information security documents
Key objectives
- Introduce information security documents (standards, policies, procedures and practices);
- Present benefits of deploying information security policies;
- Outline best practice methods for developing, implementing and maintaining Information Security policies
Key Takeaways
On completion of this course, participants will be able to:
- Understand key components of Information security documentation;
- Distinguish between a policy, procedure and process;
- Acquire skills for a practical approach to defining contents of policies, procedures and processes;
Target Audience
- Chief Information Officers;
- Information Security Managers;
- Information Technology Managers;
- Compliance Managers;
- Technical authors;
- Users of technology wishing to understand the benefits of information security policies and procedures.
Day One
Part 1
Information Security Documentation,
- What is information security documentation?
- Highlighting importance of information security documents;
- Legislative requirements.
Part 2
Introduction to Information Security Documents
- Information security policies;
- Information security standards;
- Information security practices;
- Information security processes
- Delegate interactive session
Day Two
Part 1
Components and Content of a policy examples
- High level security policy;
- Access control policy;
- Acceptable use policy;
- Email policy;
- Security breach policy.
Components and Content of Information Security Standards
- Information Security Standards;
- An overview of ISO 27001;
- Operating system and application Information security hardening standards.
Part 2
Participation and interaction session:
- Understanding information processes
- Invoking policies, procedures and processes
- Handling an information security incident;
- Evidence issues and data preservation;
- Real life cases involving information security breaches;
- Third parties and contractors: things to consider in your policies
- Round up and closing.
___________________________________________
6. Implementing Effective and Practical Information Security Awareness Programs
“Developing an Information Security Awareness Program”
This two-day course provides an opportunity for security and compliance professionals to understand and update their knowledge on implementing Information Security Awareness Programmes. The course combines exercises, real-life examples and participant interaction to allow delegates to understand the issues.
Overall course objective:
Familiarise participants with methods for developing, implementing and maintaining an information security awareness programme for their organisation
Key objectives
- Introduce Information Security Awareness concepts;
- Identify Information Security Awareness planning and organisation strategies;
- Presenting benefits of deploying Information Security Awareness programs;
- Outline best practice methods for developing, implementing and maintaining Information Security Awareness programs;
- Highlight techniques for measuring effectiveness of Information Security Awareness program.
Key Takeaways
On completion of this course, participants will be able to:
- Structure an Information Security Awareness program for their organisation;
- Acquire skills for a practical approach to maintaining Information Security Awareness within their organisations;
- Identify the Benefits of Information Security Awareness programs;
- Tailor Information Security Awareness programs to meet their organisation's specific requirements;
- Update and improve their Information Security Awareness programs.
Target Audience
- Chief Information Officers;
- Information Security Managers;
- Information Technology Managers;
- Compliance Managers;
- Individuals responsible for internal training within their organisations;
- Users of technology wishing to understand the benefits of Information Security Awareness;
Course Outline:
Day One
Part 1
Introduction
- Why Information Security Awareness;
- Awareness and Training Program Design;
- Structuring awareness training activity;
- Conducting a needs assessment;
- Developing the awareness and training plan;
- Establishing priorities;
- Setting the level of complexity;
- Funding the program.
Part 2
Awareness and Training Material Development
- Developing awareness material;
- Selecting awareness topics;
- Sources of awareness material;
- Developing training material;
- Sources of training courses and material.
Day Two
Part 1
Program Implementation
- Communicating the plan;
- Techniques to deliver awareness material;
- Techniques for delivering training material.
Part 2
Post Implementation
- Monitoring compliance;
- Evaluation and feedback;
- Managing change;
- Ongoing improvement;
- Program success indicators;
- Common Models;
- Round up.
___________________________________________
Course Locations
While our courses are typically held in the United Kingdom, clients wishing to train more than ten people at a time can save costs by having the courses conducted at their offices or suitable locations subject to agreement.
Course Director
F. Franklin Akinsuyi (LL.B, MSc, LLM) MBCS
A law graduate, Franklin has a master’s degree in Business Information Technology from Middlesex University, where he specialised in secure electronic transactions over the Internet. He also has a master’s in Computers and Communications Law from the Centre of Commercial Law Studies (Queen Mary University) UK, specialising in Privacy and Security Laws. Over the past 12 years, he has advised numerous global organisations on how to map their environments’ information security strategies and practices to meet legislative requirements. He has been a Data Protection consultant for one of the UK’s largest utility companies, advising on Data Protection issues. Franklin has also been a Sarbanes-Oxley consultant, advising six multinational organisations in different industries on implementing effective internal controls to meet Sarbanes-Oxley requirements.
More recently Franklin has been involved in advising how to reduce risks to key e-government systems located in onshore and offshore environments.
Franklin is a member of the Society for Computers and Law; he is also a member of the British Computer Society.
Franklin also writes Technology Law related articles for the Nigerian Economic Summit Group.
For more information please visit our website www.datalaws.com
Folajimi Franklin Akinsuyi (LL.B, MSc, LLM)
Folajimi Franklin Akinsuyi is the Founding Partner of DataLaws, where he specialises in Information Technology Contract Negotiations, Information Security Law, Data Protection, Electronic Commerce and Identity Theft.
He has considerable experience of Information Technology, business processes and has been involved in the implementation of Global IT projects.
Sectors he has worked in include the following:
- Government
- Information Technology
- Media
- Telecommunications
- Oil and Energy
- Insurance
- Finance and Banking
Franklin, as he is known in professional circles, has a first degree in law gained from The University of Ife, a Masters in Business Information Technology (specialising in information security) gained from Middlesex University, and a Masters in Computers and Communications Law gained from the Centre for Commercial Law Studies (Queen Mary, University of London).
Prior to establishing DataLaws, he worked extensively as an information security consultant utilising his hybrid skills to advise organisations on how to implement appropriate information security measures for complex projects in line with legislative and regulatory requirements.
Organisations where he has utilised these hybrid skills include the following:
- Nortel Networks, where he assisted in writing a logical security concept document in order for KNRW (Digital TV) to comply with German legislative requirements.
- Centrica: Data Protection Audit Consultant: conducted a technical data protection review for the online House.co.uk environment and was also a Member of the British Gas Data Leadership Team.
- Flag Telecom
- Phillips (Netherlands)
- Royal Bank of Scotland
- BACS
- The Woolwich
- Nortel Networks/Oniway (Portugal)
- EnglandNet
- Allnet
- EDS/DWP
He has also provided consultancy to Marsh (Insurance), Shell (Oil), Unilever (Manufacturing), Thermo Corporation (High-Tech Equipment), Telewest (Telecommunications) and United Utilities (Energy) on implementation and remediation of Sarbanes–Oxley corporate governance general controls.
Franklin has also provided consultancy to third party outsourcing organisations tasked with providing support/maintenance and processing of data on behalf of government departments.
Franklin's background ideally suits him to understanding the converging issues between information technology and law, enabling him to advise clients on how to map their complex technical projects to diverse legislative and regulatory requirements.
Franklin is also the Principal security consultant at Zylt consulting, an Information Security Consultancy.
He is a member of both the Society for Computers and Law (Internet Interest Group) and the British Computer Society.
email: fakinsuyi@datalaws.com