Boards increasingly consider IT security as a critical business risk. Well publicised security breaches highlight the importance that good security policies, technologies and professionals play in reducing that risk. But time blurs memories. How do chief information security officers enhance or maintain board-level support for security policies and ensure that these flow through the organisation – an even greater challenge when the company is international with its headquarters overseas?