V. Security Training
While most data losses are the result of human error, losses may be minimized by using a continuous program of formal and informal training. Managers must ensure that users develop an attitude that, when something goes wrong, the problem will be reported immediately (i.e., reported problems should be seen as a positive rather than negative gesture). The sooner a security problem has been identified and reported with a complete and correct description, the greater the possibility that the problem can be corrected.