Join us for the FREE Cyber Defense Forum | Live Online on October 9


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

First Public Release of New, Community-Driven Open Source Threat Model to Take Place at SANS 2015 Cybersecurity Training Event in Orlando

  • Bethesda, MD
  • March 4, 2015

SANS Institute, the global leader in information security training, today announced a new, community-driven open source threat model will debut at the SANS 2015 training event in Orlando, FL taking place April 11 - 18. The open source threat model provides extensive data to help information security professionals better understand threats so they can prioritize their organization's defenses against them.

"While very high-level threat models have been released, they lack details. As a result information security professionals are left to their own devices when asked to come up with a risk assessment on how to prioritize their organization's defenses," said SANS Senior instructor, James Tarala. "With the legwork done and taxonomies readily available, organizations can dedicate resources to other threat areas. Because this threat model is a community effort, others will benefit from a broader, deeper model which can be used across multiple industries."

The open source threat model will debut during the April 14th bonus evening discussion, which is open to all participants of SANS 2015. Attendees will learn how to use the open source threat model practically to prioritize their organization's defenses and to map the model to compliance requirements facing organizations today.

To further help organizations stay on top of today's ever-changing threat scenario, SANS has designed a comprehensive course on how to implement the Twenty Critical Security Controls, a prioritized, risk-based approach to security. SANS' SEC566: Implementing and Auditing the Critical Security Controls In-Depth course will help security practitioners understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats.

SANS 2015 is one of SANS' most extensive security training events featuring riveting bonus evening discussions and demonstrations and an impressive line-up of hands-on, immersion-style information security training. For more information on SANS 2015 in Orlando, including a complete list of courses and bonus evening talks, or to register, please visit:

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (