Recent, well publicised security breaches have highlighted the importance that good security policies, technologies and professionals play in reducing risk to an organisation. But time blurs memories. How do chief information security officers enhance or maintain board-level support for security policies and ensure that these flow throughout the organisation – particularly when the company is international with its headquarters overseas?