The document provides tips for IT security professionals to effectively communicate security risks to the board of directors. It advises understanding the board's risk tolerance, identifying who owns the risks, exploring risk management frameworks, focusing presentations on solutions rather than problems, and emphasizing how risks impact business operations and the bottom line. The overall goal is to reassure the board that the company is protected while gaining their trust and support for security initiatives.