THE MAIN PROBLEMS TO BE FACED ARE ACTS OF TERRORISM, VANDALISM, AND THEFT, AS WELL AS NATURAL DISASTERS, INCLUDING FLOODS, AND HURRICANES. THE MAJORITY OF COMPUTER ABUSERS ARE, IN FACT, COMMITTED BY MEMBERS OF THE INTERNAL ORGANIZATION. SECURITY PROGRAM OBJECTIVES SHOULD INCLUDE THE FOLLOWING CRITERIA: (1) ENSURE INTEGRITY AND ACCURACY OF DATA, (2) IDENTIFY PROPRIETARY OR SENSITIVE DATA, (3) PROTECT AND CONSERVE ASSETS FROM NATURAL DISASTERS AND OVERT HOSTILE ACTS, (4) ENSURE THE ORGANIZATION'S ABILITY TO SURVIVE HAZARDS, (5) PROTECT EMPLOYEES FROM UNNECESSARY TEMPTATION OR SUSPICION, (6) PROTECT MANAGEMENT FROM CHARGES OF IMPRUDENCE, (7) ESTABLISH A MANAGEMENT TASK FORCE. A TASK FORCE SHOULD COORDINATE AND IMPLEMENT THE SECURITY PROGRAM, AFTER ANALYZING THE STATUS OF THE ELEMENTS WHICH WILL AFFECT SECURITY. THESE INCLUDE CURRENT SECURITY, PERSONNEL, PHYSICAL SAFEGUARDS, INSURANCE, COMPUTER SYSTEM CONTROLS AND PROCEDURES, DATA SECURITY HARDWARE PROTECTION, SOFTWARE INTEGRITY AND ACCOUNTING CONTROLS, AND PROCEDURES. THE RESULTS OF THIS ANALYSIS WILL BECOME THE ORGANIZATION'S POLICY STATEMENT FOR COMPUTER SECURITY. THE FORMAL POLICY SHOULD INCLUDE OBJECTIVES, POLICIES, RESPONSIBILITIES, BUDGETS AND RESOURCES AS WELL AS PROVISIONS FOR MONITORING THE SYSTEM. IN ORDER TO IMPLEMENT THE PLAN, MANAGEMENT SHOULD TAKE THE ULTIMATE RESPONSIBILITY. FAILURE TO INITIATE SUCH PROGRAMS WILL INCREASE THE HAZARDS OF COMPUTER ABUSE IN THE FUTURE. (STB)