The applicable regulations must be made known to all employees and be available for reference. Experience shows that it is not enough to merely lay down security rules. Communicating them to employees is fundamental to enabling all those affected to actively use these specifications in their everyday work.
If employees disregard regulations, security gaps such as the following can arise:
• Confidential information may be discussed within earshot of outsiders—for example, while talking during a break in a meeting or on a mobile telephone in a public environment.
• Documents may be published on a web server without checking whether or not they are actually intended and approved for publication.
• Due to the incorrect administration of access rights, an employee may be able to modify data without realising the critical impact this violation of integrity could have.