Executive Summary  Information security is a familiar topic to the board of directors of every banking institution. Years ago, the Federal Financial Institutions Examinations Counsel (FFIEC) published guidance concerning securing banks against losses from cyber intrusions. The guidance is very explicit. The board is responsible for overseeing the development, implementation and maintenance of the institution’s information security program. The board should provide guidance and review management’s actions, as well as approve written information security policies and programs at least annually. The board also should review management’s annual report on its compliance with the privacy provisions of the Gramm-Leach-Bliley Act. Other...