RECOMMENDED STEPS IN ASSESSING SECURITY NEEDS INCLUDE DEFINING THE ASSETS REQUIRING PROTECTION, ENUMERATING POTENTIAL THREATS TO THE SECURITY OF ASSETS, AND ESTIMATING THE DEGREE OF SECURITY EXPOSURE OF EACH ASSET. A SYSTEM FOR REDUCING SECURITY EXPOSURES THROUGH APPLYING ELECTRONIC DATA PROCESSING SYSTEMS CONTROLS, PHYSICAL SECURITY CONTROLS, ADMINISTRATIVE CONTROLS AND LEGAL CONTROLS. A SUGGESTION IS MADE THAT A PERIODIC EVALUATION BY AUDITING TEAMS AND MANAGEMENT BE CONDUCTED. LEGAL AND TECHNOLOGICAL LIMITATIONS ON SECURITY SYSTEMS ARE EXPLAINED. A SELECT BIBLIOGRAPHY OF BOOKS AND ARTICLES ON COMPUTER SECURITY FROM SOURCES GENERALLY UNFAMILIAR TO MOST LAWYERS AND MANY OF WHICH CONTAIN REFERENCES TO LEGAL ISSUES AND CASE CITATIONS IS INCLUDED. (AUTHOR ABSTRACT MODIFIED)