MANAGERS SHOULD ANALYZE THE RISKS INVOLVED BY DETERMINING WHETHER THE ASSETS OF THE DATA PROCESSING OPERATIONS ARE ADEQUATELY PROTECTED. DATA PROCESSING ASSETS AND PHYSICAL ASSETS SHOULD BE ASSESSED SEPARATELY. MANAGERS SHOULD IDENTIFY ALL TYPES OF THREATS AND ESTIMATE AN OCCURRENCE PROBABILITY AND COST. ALSO, MANAGERS SHOULD OCCURRENCE PROBABILITY AND COST. ALSO, MANAGERS SHOULD PHYSICAL DESTRUCTION OR THEFT, FRAUD, AND EMBEZZLEMENT. SECURITY INCLUDE FIRE DETECTION AND EXTINGUISHMENT. THE THREATS OF SOFTWARE ERROR, OTHER ERRORS AND OMISSIONS, SABOTAGE, AND THEFT CAN BE PREVENTED BY DATA CENTER ACCESS CONTROL, INPUT/OUTPUT DATA CONTROL AND STORAGE, PASSWORD PROTECTION, EMPLOYEE TERMINATION POLICY, AND APPLICATION SYSTEM DESIGN VERIFICATION AND TEST. DETECTION SAFEGUARDS INCLUDE OPERATION ARE A SURVEILLANCE, AREA ALARM SYSTEMS, INTERNAL CONTROL LOGS, DATA HANDLING AUDIT, AND SELECTED TRANSITIONS AUDIT. THESE ALSO APPLY TO THE THREATS OF WATER DAMAGE, UTILITY OUTAGE, AND HARDWARE FAILURE. FINALLY, THE COST AND BENEFITS OF THE SECURITY MEASURES SHOULD BE ANALYZED. ALTHOUGH THREAT OCCURRENCE PROBABILITIES AND EXPOSURE COSTS ARE DIFFICULT TO MEASURE, THE ARTICLE SUGGESTS THE DEVELOPMENT OF CONTINGENCY PLANS FOR BACKUP OPERATIONS, DISASTER RECOVERY, AND EXPECTED EMERGENCIES; SECURITY AWARENESS THROUGHOUT THE ORGANIZATION; AND CONTINUOUS AUDITS AND TESTS TO CHECK EMERGENCY MEASURES AND IMPROVE EXISTING WEAK SECURITY MECHANISMS. TABLES AND DEFINITIONS ARE INCLUDED. (JLF)