The emphasis on process maturity is not meant to be some sort of magic management bullet that will solve all security problems, but the selective use of TQM techniques is slowly but surely improving the infosecurity practice. For example, because we understand better why we are performing certain control activities, we are getting better at communicating their benefits to the rest of the business. The CISOs using these techniques are doing a better job of choosing priorities and goals, and they are winning the respect of the non-IT managers because they can explain it.