Investigating IT Misuse in the Organisation - Training

Participants attending the course will learn to:

» Identify, assess and respond to incidents of IT misuse of both internal and external origin
» Initiate and carry out, or assist with, an investigation of IT misuse within your company
» Co-ordinate and manage a major enquiry
» Use proven procedures and techniques: from developing investigative processes to confronting the suspect
» Understand and apply related laws and litigation
» Design and implement necessary contingency plans to respond to suspected fraud or IT misuse and crime
» Instil awareness and train your staff to respond quickly and effectively in problem situations

---

---

COURSE SCHEDULE

DAY 1     

A lecture-based exploration of the key issues surrounding IT misuse in the workplace. Using real-life examples to demonstrate current theories and procedures, instructors will lead active discussions to relate these to participants’ particular situations.

Laws and litigation
Topics include: Computer Misuse Act; Data Protection Act; Police and Criminal Evidence Act; Interception of Communications Act; Regulation of Investigatory Powers Act; Criminal Procedures and Investigations Act; Human Rights Act.

IT Threats to the Organisation
Topics include: IP theft and breach of contract; Impersonation and hacking; Password compromise; Common IT frauds; Data Ransom and attempted extortion; Electronic Funds Transfer manipulation and settlements fraud; Hi-tech product piracy and reverse engineering; Trojan Horses, trapdoors, logic bombs and viruses; Electronic hate mail and anonymous letters, Libellous and litigious electronic mail; Pornographic material and the law

Managing Allegations
Topics include: Early warning indicators; Operational security; Planning the investigation; Discreet evidential sources; Audit trails, CCTV access, control trails, call logs; Data interrogation tools

Approaching the IT “Scene of Crime”
Topics include: How to secure ADMISSIBLE evidence; Overlooked essential sources; Computer forensic techniques; Personal computers and storage media; Disk imaging technologies and investigative software; Management of different operating systems; Circumventing password controls; Mainframes, minicomputers LANS, WANS and distributed environments.

Using the Power of the Courts
Topics include: Search Warrants; Civil Search Orders; Legal Discovery

Investigative Resources
Topics include: Electronic surveillance and monitoring technology; Forensic support, Questioned documents, video and audio enhancement

Managing IT Evidence
Topics include: Handling and storing computer media; Continuity of evidence; Non-repudiation techniques and technology; The section 69 certificate; ACPO guidelines

End Game
Topics include: Securing exposed systems and processes; Handling the suspect; Interview methods; Cautioning; Termination of employment; Is prosecution necessary?

Who should attend? Suggested participant profiles:

All managers who are in some way accountable for the management, protection or security of the IP and/or IT systems of their company. Also those involved in the detection, reporting, investigation and prosecution of IT misuse, crime or fraud from both the public and private sectors

Job titles of delegates on past courses:

Chief Investigator, Counter Intelligence Investigator, Technical Director, Senior Security Officer, Corporate Security Investigator , Systems Security Architect, Security Specialist, Internet Security Specialist, Data Processing Specialist, IT Security  Co-Coordinator,  Network Designer, Senior IT Officer, IT Operations Manager, Security Analyst, Data Protection Officer, Internet Safety Advisor.

---

---

DAY 2

“Sir, something looks very wrong here…”

This worrying statement kicks off a complex investigative simulation that mirrors a real life incident of serious IT misuse in the workplace. Working in select teams, participants will need to review what they have learnt in day one, filtering this learning and deciding which elements apply to this particular case. They need to determine which strategies best apply, which procedures need to be followed, the legalities that need to be kept in mind, and the potential pitfalls that might compromise their investigation. Most critically, when a suspect, or suspects, are finally identified, participants will be asked to determine their “end game” – how should they close events and what is the best outcome they can expect?

This simulation places the emphasis on lateral thought, requiring that participants explore every possible aspect of the incident, rather than focusing on the software or technology alone. The progress that the teams make is assessed through regular reports that must be given to senior management throughout the day, to deadline, and in which they must explain their findings and investigative strategies. Although some guidance may be given by the instructors, it is essentially up to the participants to monitor their own progress and revise strategies as and when necessary.

The day, and the programme as a whole, closes with interactive feedback sessions, led by the instructors, in which participants analyse their actions and consider alternative approaches that might have been taken. This wrap-up session contextualizes the events of the day and relates them back to the subjects covered in day one.

---

JOIN THIS COURSE:

If you would like to apply to this course or discuss your interest further:

CLICK HERE TO APPLY

Or request further information:

 Email: itmisuse@ambertec.net

 Tel: +44 (0)1202 828088

* excl. VAT discounts available - please contact us for further information.