Members of corporate boards feel they should be much more actively involved in ensuring the organizations they oversee are adequately addressing cybersecurity. That doesn't mean members of the board of directors want to personally configure firewalls or procure intrusion detection systems -- just that they should make sure someone is doing so. The question is how to do that. IT security audit organization ISACA and theInstitute of Internal Auditors (IIA) are trying to provide answers on the proper role of board members with their report, "Cybersecurity: What the Board of Directors Needs to Ask," available at no charge through the IIA bookstore.