To use information the user must be well informed and must be aware of the risks and security initiatives. Security measures are effective if the user is aware of the functioning and the possible risks. Some of the issues regarding awareness are:
• Level of detail disclosed must not compromise security.
• Appropriate knowledge is available to all parties involved and have right to be informed, not just the users.
• Awareness must be propagated to the new workers in the organization.
• Recognition and maintenance of awareness must be continuous.
Since the varying nature of the information system, it must be reassessed periodically. Some of the issues regarding reassessment are:
• Increase in dependence on the information systems requiring an upgrade to the business continuity plans and arrangements.
• Changes to the information systems and their infrastructures.
• New threats to the information system requiring better safeguards.
• Emerging security technologies providing more cost effective safeguards than were possible earlier.
• Different business focus, or organizational structure, or legislation necessitating a change in existing level of security.