Develop and distribute a code of conduct for using ICT
You should establish a rule of conduct for employees working in the organization (for example clause in employment contract) or leaving the organization to protect that important information is floating out of your organization.
Your code of conduct can be the foundation of your security program and is centred around confidentiality, integrity and the availability of information within your organization.
Setting the objectives, and then defining and monitoring the indicators of the outcomes, is crucial for directing action and for staff buy-in. These tools should allow you to speak the same language and refer to understandable and well-defined elements.