The second fundamental principle of information security is all about implementing and maintaining an effective programme for awareness, training and education of your information security management system (ISMS).
Steps to follow to achieve this:
The risk to your business of breaches of data security are real, on-going and ever-changing. That’s why your response to them should be real, on-going and ever-changing. Information security is a problem that never goes away, so your response to it should be ceaseless and all-encompassing. If you start by making your people highly aware of ISMS issues, you’re halfway there already.