Responses suggest that most professionals believed that it is significantly harder to apply security and privacy measures in the OA environment than in traditional EDP areas. While a majority of respondents felt that senior management was aware of privacy and security issues, few felt their organizations were providing adequate financial support or taking active steps to assess security, formulate policy, or audit performance. Insufficient training and education of end-users was viewed as a factor contributing to security risks. Responses concerning physical and technical security measures in use suggested that relatively low-level safeguards are being applied in OA settings. A third of the organizations did have plans to survey practices and conditions relevant to OA privacy and security, and security professionals indicated they wanted to install significant and responsive policies. This, coupled with increasing managerial awareness of the issues, suggests that organizational support for control measures will probably grow as issues are better publicized and exposures are identified.