We will discuss the importance of having a security framework to plan, implement, and measure security progress within an organization. We will specifically discuss the fundamentals of the CIS Critical Security Controls framework as a recommended light-weight framework to start with, where to focus, and how to be successful in starting to implement a framework.