Using a framework to prioritize security projects and spending is paramount. This talk will give a high level overview of the SANS 20 Critical Security Controls and how the framework can be used to help provide security strategies to today's enterprise.