Two Days Left to get a GIAC Cert Attempt Included with Online Training through February 20!


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

First Public Release of New, Community-Driven Open Source Threat Model to Take Place at SANS 2015 Cybersecurity Training Event in Orlando

  • Bethesda, MD
  • March 4, 2015

SANS Institute, the global leader in information security training, today announced a new, community-driven open source threat model will debut at the SANS 2015 training event in Orlando, FL taking place April 11 - 18. The open source threat model provides extensive data to help information security professionals better understand threats so they can prioritize their organization's defenses against them.

"While very high-level threat models have been released, they lack details. As a result information security professionals are left to their own devices when asked to come up with a risk assessment on how to prioritize their organization's defenses," said SANS Senior instructor, James Tarala. "With the legwork done and taxonomies readily available, organizations can dedicate resources to other threat areas. Because this threat model is a community effort, others will benefit from a broader, deeper model which can be used across multiple industries."

The open source threat model will debut during the April 14th bonus evening discussion, which is open to all participants of SANS 2015. Attendees will learn how to use the open source threat model practically to prioritize their organization's defenses and to map the model to compliance requirements facing organizations today.

To further help organizations stay on top of today's ever-changing threat scenario, SANS has designed a comprehensive course on how to implement the Twenty Critical Security Controls, a prioritized, risk-based approach to security. SANS' SEC566: Implementing and Auditing the Critical Security Controls In-Depth course will help security practitioners understand not only how to stop a threat, but why the threat exists, and how to ensure that security measures deployed today will be effective against the next generation of threats.

SANS 2015 is one of SANS' most extensive security training events featuring riveting bonus evening discussions and demonstrations and an impressive line-up of hands-on, immersion-style information security training. For more information on SANS 2015 in Orlando, including a complete list of courses and bonus evening talks, or to register, please visit:

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (