Organizations expect CISOs to show their peers in the executive suite how security aligns to business needs. But too many CISOs focus only on delivering technical controls, which results in a poor experience for the business. Instead, security leaders should explain to business stakeholders what they’re getting when they invest in security and how it fits with their priorities. This report explains how to develop a security process framework that demonstrates competence by describing business-aligned services and optimizing these services for business and customer success.