COMPUTER SECURITY INCLUDES DEVELOPING AND RUNNING SYSTEMS IN DATA PROCESSING AND USER DEPARTMENTS, BACKUP PROBLEMS, PHYSICAL SECURITY OF COMPUTER SYSTEMS, AND PERSONNEL RISKS; A TOTAL OF 70 DIFFERENT TYPES OF SECURITY BREACHES ARE POSSIBLE. ANY SYSTEM BREACH AFFECTS SYSTEM AVAILABILITY, INTEGRITY, OR CONFIDENTIALITY. PUBLIC CONCERNS FOR PRIVACY MAKE DEMANDS ON COMPUTER SECURITY IN TERMS OF CONFIDENTIALITY AND SYSTEM INTEGRITY. MANY ASPECTS OF PRIVACY ARE ETHICAL AND LEGAL IN NATURE. IN 1975, THE BRITISH GOVERNMENT CONCURRED WITH THE YOUNGER COMMITTEE'S RECOMMENDATIONS AND COMMITTED ITSELF TO LEGISLATION ON PRIVACY AND COMPUTERS. TO MAKE THAT LEGISLATION BOTH BALANCED AND PRACTICAL, THE COMPUTING COMMUNITY SHOULD PRESENT ITS VIEWPOINTS. A SURVEY BY THE NCC SHOWED THAT COMMUNICATION IS A MAJOR PROBLEM; AS A RESULT NCC HAS PRODUCED A FREE BOOKLET TO EXPLAIN COMPUTER SECURITY. OF 150 COMPUTER USERS SURVEYED, MOST REPORTED THAT SECURITY BREACHES AROSE FROM MECHANICAL, COMMUNICATIONS, OR SOFTWARE PROBLEMS, NOT FROM FRAUD, FIRE, AND FLOOD. EXTERNAL AUDITORS WERE THE MAIN SECURITY INFORMATION SOURCE OUTSIDE THE ORGANIZATION. ORGANIZATIONS MADE LITTLE EFFORT TO SIMULATE THREATS AND TEST BACKUP PROCEDURES. ABOUT TWO THIRDS OF THE ORGANIZATIONS WERE SATISFIED WITH THEIR GENERAL SECURITY ARRANGEMENTS, BUT THE INTERVIEWS TENDED TO RAISE AWARENESS OF POTENTIAL SECURITY PROBLEMS. IN GENERAL, BASIC SECURITY MEASURES INCLUDE GOOD PERSONNEL SELECTION, PROPER SUPERVISION, DIVISION OF RESPONSIBILITIES, USE OF SPOT CHECKS, AND CHANGING OF ROUTINES. NCC IS IMPLEMENTING SURVEY RECOMMENDATIONS TO DEVELOP A CENTRAL REFERENCE BODY AND CODES OF PRACTICE AND GUIDELINES ON COMPUTER SECURITY, TO PROMOTE RISK MANAGEMENT, AND TO PROVIDE EDUCATION AND TRAINING. A CURRENT MAJOR QUESTION ASKS WHERE RESPONSIBILITY FOR COMPUTER SECURITY LIES. A TABLE IS INCLUDED. (CFW)