Part 1 surveys the vulnerabilities of electronic information, security implications of personal computers, and the direct relationship between the value of business information and the use of properly designed computing. Part 2 outlines the IRM system, with attention to the design and technology of information systems, assessing the value of business information, a written policy and written standards governing information security, and controls over information processing activities. Part 3 discusses the benefits of the IRM approach over risk assessment, as are computerized access control systems, protection for personal workstations and communications, and the place of informational security in the organizational structure. Additional topics covered include contingency planning for alternative information systems and suggestions on beginning an IRM program. Case studies are used throughout the text. Appendixes provide checklists, examples of IRM policies and other directives, and a computer crime legislation proposal. A glossary, 32 references, and an index are supplied.