The four study sites -- the Massachusetts Institute of Technology, the State of Illinois, TRW Systems, Inc., and the IBM Federal Systems Center -defined security requirements and developed some field-tested guidelines. One participant was asked to evaluate the impact of introducing a secure operating system to an existing installation. Another was asked to determine if data security can be measured, while another was requested to evaluate what economic tradeoffs are appropriate when deciding what kind of and how much security is required. The fourth site was asked to determine how a computer system can best authorize access to information. The Illinois study found a need for increased privacy and data security awareness in most organizations. Further, it found that to achieve greater security, many organizations will have to raise their level of physical security and introduce new administrative techniques. The cost and difficulty of achieving an increased level of security were found to depend on the nature of the organization and the degree of its past emphasis on security. The MIT study concluded that different industries perceive the need for and the problem of data security in different terms and that security responsibility should be decentralized to be effective in large multiuser computer system environments. The major findings of the TRW study were that no existing computer system is completely secure and that the certification of the computer system for security is not within the current state-of-the-art. A total of 187 requirements were identified to counteract a system's vulnerabilities. The IBM study found that special security procedures are required at installations where operators control computer operations. The study further concluded that a central security officer should control the authorization of access to data. The contents of the four complete reports are outlined.