V. Security Training
While most data losses are the result of human error,
losses may be minimized by using a continuous program of formal and informal
training. Managers must ensure that users develop an attitude that, when
something goes wrong, the problem will be reported immediately (i.e., reported
problems should be seen as a positive rather than negative gesture). The sooner
a security problem has been identified and reported with a complete and correct
description, the greater the possibility that the problem can be corrected.