SANS Community Nights are a great way to stay in touch with your local InfoSec community and to hear the latest in technical wizardry, industry intelligence, and thought leadership from our amazing instructors.
Join us at:
De Vere Grand Connaught Rooms,
61-65 Great Queen St.
London
WC2B 5DA, United Kingdom
View the agenda below:
Tuesday 4th March 2025
17:30 – 18:00
Registration and Drinks
18:00 – 19:00
Cybersecurity Standards Scorecard (2025 Edition) with Russell Eubanks
19:00 – 20:00
Not so private browsing! with Mattia Epifani
Abstract(s):
Cybersecurity Standards Scorecard (2025 Edition) | 6:00pm - 7:00pm
In the 1990s, government agencies, industry groups, and cybersecurity researchers started creating cybersecurity standards, and these standards led to cybersecurity regulations and laws that dictate to organizations what they must do to protect their data. Today, there are dozens of standards dictating thousands of cybersecurity controls that organizations can consider when building their cybersecurity plans. Every year, more standards are released, and the confusion grows. To make the problem even more challenging, no two standards are the same or cover the exact scope of defenses. This reality has led to confusion and frustration for organizations seeking to build comprehensive cybersecurity programs. What should we do, what can we do, or what must we do to protect our information systems? Until recently, there has not been a Cyber Rosetta Stone for security and privacy professionals to compare these standards. Most organizations have limited resources and must choose which controls to implement and which to ignore. We haven’t had risk or threat models to demonstrate why specific cybersecurity controls are essential and what should be prioritized.

In this talk, Russell Eubanks, Principal Faculty at the SANS Institute and Managing Partner at Cyverity, will explain the state of cybersecurity standards in 2025 with a scorecard comparison of popular standards based on specific, measurable research. This presentation is an annual report that will focus primarily on the changes to the cybersecurity standards space over the past year. He will also introduce a Cyber Rosetta Stone that simplifies building cybersecurity control libraries across all the standards. Attendees will leave this webcast with a clear understanding of the differences and gaps in cybersecurity standards that will support their informed decisions about which standards to use when building their cybersecurity programs.
Not so private browsing! | 7:00pm - 8:00pm
Private browsing, often referred to as "Incognito Mode," is widely considered a way to maintain privacy during internet use. However, while this mode may obscure browsing activity from casual users and the device’s history logs, it does not guarantee complete anonymity. In this presentation, we will explore how digital forensics techniques can be employed to recover traces of internet activity from both computers and smartphones, even when private browsing is enabled. We will discuss how forensic experts access cached data, DNS requests, and temporary files left behind by incognito sessions, demonstrating that "private" does not always mean "invisible." Attendees will gain insights into the limitations of private browsing and the forensic methods used to retrieve this seemingly hidden information.

I plan to organize the presentation in this way:
- Brief introduction to the most commonly used browsers on computers and smartphones
- Brief introduction to Digital Forensics techniques to extract data from computers and mobile devices (differences and similarities)
- Case study on different browsers (Windows, macOS, iOS, Android)
- Sample dataset download for attendees to test some of the discussed points