The most important issue for any organisation facing the decision on how to proceed on its Data Security journey, relates to how aware the staff are about data security in the first place. Without some knowledge and understanding (two very different things), the staff cannot know what to do to protect the organisation nor can they know why they should do it. Furthermore, without a wider awareness of the scale and scope of data security issues, the decision-makers in the organisation cannot determine how best to operate the organisation smoothly while managing Data Security issues competently and cost-effectively.