A CIO for a marketing company was in a state of panic. He recently received a 20-page information security audit questionnaire from one of the company’s largest clients, a national bank. The questionnaire was a detailed self-assessment asking the company to verify the actions it took to protect bank information as per the Gramm-Leach-Bliley Act.