The board of directors primarily provides strategic oversight and governance, setting the direction for the organization's security policy and posture. The implementation of specific security controls and protocols is typically carried out by the IT and security teams within the organization, not the board. The board may govern and guide this process, but they do not engage in the actual implementation, making the answer false.