SECURITY TECHNIQUES CAN MINIMIZE LOW-LOSS, HIGH-FREQUENCY INCIDENTS, INCLUDING PROGRAMMING MISTAKES AND FAULTY DATA INPUT. PHYSICAL SECURITY PROCEDURES, SUCH AS ISOLATING THE COMPUTER ROOM AND RESTRICTING ACCESS TO IT AND RIGID ENFORCEMENT OF PROCEDURAL SAFEGUARDS, ARE BASIC PROTECTIVE TOOLS. ADMINISTRATIVE APPROACHES RANGE FROM CAREFUL PREEMPLOYMENT SCREENING OF PERSONNEL TO STRICT RULES PROHIBITING PROGRAMMERS FROM RUNNING THE PROGRAMS THEY DEVISE. ADDITIONALLY, BUILT-IN SOFTWARE MECHANISMS CAN CURB UNAUTHORIZED ACCESS TO COMPUTERS FROM TERMINALS. DEVISING A COST-EFFECTIVE COMPUTER SECURITY PLAN REQUIRES ANALYZING THE VARIOUS TYPES OF THREATS TO A COMPUTER SYSTEM, THE VALUE OF EACH ASSET TO BE PROTECTED, AND THE PROBABILITY THAT A PARTICULAR LOSS MIGHT BE INCURRED. IN ASSESSING VULNERABILITY, PEOPLE IN THE HIGHEST POSITIONS OF TRUST WHO COULD ACCIDENTALLY OR INTENTIONALLY CAUSE THE GREATEST AMOUNT OF HARM SHOULD BE IDENTIFIED. LIMITED SECURITY RESOURCES SHOULD THEN BE ALLOCATED TOWARD THE GREATEST THREATS. AVAILABLE SOFTWARE SECURITY CAN ERECT BARRIERS TO WOULD-BE COMPUTER CRIMINALS AND HELP DETECT ABUSES AFTER THEY OCCUR. WITH A COMPUTERIZED AUDIT TRAIL, THE SYSTEM CAN HELP PREVENT INSIDERS FROM MAKING CHANGES IN DATA AND THE WAYS DATA ARE HANDLED. HOWEVER, THE MECHANISM THAT DOES THE AUDITING IS VULNERABLE. A COMBINATION OF PROCEDURAL CONTROLS AND PHYSICAL PROTECTION CAN HELP GUARD AGAINST MISUSE OF THE AUDITING MECHANISM. A CHECKLIST FOR DETERMINING VULNERABILITY, A PROFILE OF THE COMPUTER CRIMINAL, AND RECENT TECHNOLOGICAL ADVANCES IN COMPUTER SECURITY ARE INCLUDED. (RCB)