This handbook is intended to promote sufficient knowledge by Board members, in any corporate structure, to allow the Board as a whole to respect its mandate for oversight and strategy of information security by evaluating the effectiveness of the risks their organization is facing, in a full and comprehensive manner, and how it is mitigating those risks.