This document provides recommendations for security leaders to create a business-focused security department that provides value to the enterprise. It discusses communicating security issues using common business terms, measuring the value of security programs through meaningful metrics, analyzing the total costs of security, developing a shared security strategy with business units, and selecting next generation security leaders with skills in business alignment, risk management, compliance, and performance measurement. The intended audience is security leaders seeking to ensure their department is valued by the business.