Abstract: Evolving threats. Shrinking budgets. More to do. New compliance rules. Where do I start? How do I pick what’s most important? What are my peers doing? How do I get management support? Is security even achievable?The Center for International and Strategic Studies (CSIS) Critical Security Controls for Effective Cyber Defense can help you sort through the chaos and be your roadmap to success, whether you are a small shop, a large organization on its way to ISO 27000, or beholden to NIST 800-53. This consensus driven distillation of critical controls, driven by actual, not theoretical threats, draws from the experiences of not only some of the top commercial forensic investigators but many arms of government including the DoD, FBI, NSA, the Department of State, the Department of Energy Nuclear Laboratories, and more.These controls were formerly known as the SANS 20 Critical Security Controls.