There are many laws and regulations requiring information security programs and these programs must be built based upon risk assessments related to safeguarding customer information. Financial leaders must realize this and must work with their board of directors or a sub-committee of the board to satisfy the specific requirements and make sure that the security program is developed, implemented and maintained. Financial institutions must also realize that along with the bad publicity that they get, they also loose customers. Risk assessments are the foundation of any good risk and security program, says Rebecca Herold.”]