Threat actors are not magic and there is not an unlimited, unique list of threats for every organization. Enterprises face similar threats from similar threat sources and threat actors - so why does every organization need to perform completely unique risk assessments and prioritized control decisions? This presentation will show how specific, community-driven threat models can be used to prioritize an organization's defenses - without all the confusion. In this presentation James Tarala, the Chief Cartographer for the Council on CyberSecurity and contributor to the Critical Security Controls project, will present a new, open, community-driven threat model that can be used by any industry to evaluate the risk that faces them. Then he will show how to practically use this model to prioritize enterprise defense and map to existing compliance requirements facing organizations today. Whether you are in the Department of Defense or work for a small mom and pop retailer, you will be able to use this model to specifically determine a prioritized defense for your organization.