V. Security Training

While most data losses are the result of human error, losses may be minimized by using a continuous program of formal and informal training. Managers must ensure that users develop an attitude that, when something goes wrong, the prob­lem will be reported immediately (i.e., reported problems should be seen as a positive rather than negative gesture). The sooner a security problem has been identified and reported with a complete and correct description, the greater the possi­bility that the problem can be corrected.