There is no doubt that when we talk about information in the professional field, we are referring to one of the most important assets that manage companies as a basic element on which is based, perform and provide their services. Therefore the management of this information is personal, economic, strategic or organisational cobra a vital importance for the achievement of the set objectives and the good business development. This importance of information creates a need for control and management of the security on the same and not only from a legal point of view in terms of personal data is concerned, but generally to the information managed by a company, becoming an important complement and which brings a plus of trust and commitment to clients or others outside the company. As an example of this point is the increasingly accepted and even required application of ISO standards in recruitment between companies at the international level. But this article wanted to emphasize not the desirability or even need to adopt this type of standards, but one of the most important points that accompany its implementation and necessary requirement for its success, training.
Like any project that includes a new element in the functioning of a company structure, the implementation of an information security management system passes through phases of study, development, approval and implementation, leaving at this point the new protocols established and active, but cannot be understood as complete without the necessary formative work and awareness to the staff concerned. We could use the analogy that it serves little buy a car if you don’t know driving, so the training factor takes capital significance. The average user, that handles confidential information of the company on a daily basis, typically has no knowledge advanced on information security, based its way of working on standards that we call common sense, favoring this basic knowledge to leave lagoons of security that can cause not only financial damage to the company in the form of penalties but lost confidence of present and future clients and therefore lost business. You should be considered which is therefore a fundamental element that within an organization promote continuous training actions aimed at employees looking for an awareness about the importance and necessity of the application of the rules established by the company in the field of security, seeking to understand the why and for what they do and their commitment to its implementation..