Cybersecurity and privacy risks are intensifying as threats become more widespread and as consumer and regulator expectations increase. Although many security standards and frameworks define core security capabilities in the domains of human risk management, process risk management, and technology risk management, most omit oversight capabilities that determine how to ensure appropriate governance and alignment between stakeholders. This report explains how cybersecurity and privacy oversight, a domain shared among IT and business leaders, provides the necessary alignment to organizational goals and the allocation of resources to ensure that those goals are met.