Management policies and procedures needed for effective computer security.

Although many security issues are controlled by legislative ruling and social standards, or are constrained by technological limitations, many other important matters of operational computer security are directly or indirectly under managerial control. The author argues that the necessary control policies and procedures will become increasingly critical as our reliance upon computer-based information systems continues to increase. This article presents a comprehensive framework for understanding the various aspects of computer security. Through this framework, those areas controllable by management are identified, and possible actions are proposed.