This presentation will focus on improving organizational security by using a security methodology and framework. Multiple frameworks will be discussed, but we will focus primarily on the Center for Internet Security Critical Controls methodology. We will discuss how to begin implementing a framework, how to start making progress and methods for evaluating and measuring security performance. Finally, we will open it up to discussion and answer your questions, discuss pitfalls, and help navigate these security seas.