The document discusses techniques for communicating the value of security to business decision makers using metrics. It suggests gathering metrics on risk and business impact to demonstrate how security strategies minimize risk and maximize business value. Examples show how to present metrics on reducing vulnerabilities, compliance costs, and aligning security with business objectives. The goal is to translate technical security information for non-technical executives using relevant financial and risk terminology.