Topics covered include getting the most cost-effective security protection, developing logical access control programs, ensuring that application programs include controls over data editing and file updating activities, selecting physical control systems, protecting data communicated by telephone and satellite, preventing losses due to error or omissions, and dealing with disruptions. A detailed checklist provides step-by-step guidelines for meeting computer security responsibilities ranging from staff training and system design to disaster contingency planning. A section on electronic data processing audits describes what to expect from auditors, how to keep them from obtaining sensitive information without authorization, and how to deal with incorrect or unfair audits. Ways in which the audit can be used to improve the quality and security of computer operations also are described. Also covered are risk assessment, security review scheduling, and qualitative and quantitative methods for developing loss expectancies and formulas for measuring them against the costs of adding or deleting controls. Procedures for investigating and prosecuting computer-related fraud and abuse are examined. Finally, special security problems are discussed, including supervising computer security personnel, protecting microcomputers, and planning for future security needs. Index. (Publisher abstract modified)