This document discusses the importance of getting buy-in from stakeholders for information security initiatives. It notes that security teams need to focus on business priorities and corporate strategy, understand the context of problems, and address risks and opportunities to remain relevant. The document recommends that security teams build relationships, share objectives, provide assurance on key metrics, and report on issues in a way that is simple and focused on what matters most to the business.