It explains the categories of information risks and the sources and nature of attacks on information. It also presents innovative approaches to security, based on the author's years of experience at major corporations. The classification of information, the use of classification to manage and protect information, and the role of the law on trade secrets are also explained. The discussion includes examples of actual policies and information security standards and discusses the technical aspects of information security management, including public key encryption and computer viruses. Figures, index, 25 references; and appended security survey, checklist, and related information are included.