In today's world, to achieve true information security one must do more than just check a box for compliance. Business drivers and funding options are based on measurable results or satisfying regulatory obligations. Enter the SANS 20 Critical Security Controls for Effective Cyber Defense. The CSCs are a framework based around the philosophy that "offense must inform defense" with a focus on a list of the controls that would have the greatest impact in improving risk posture against real-world threats. By taking a holistic security approach, the CSCs provide an objective security model without limiting themselves to a single industry or dataset. Learn about the 20 controls and how to apply them in your environment.