AS COMPUTERIZED DATA BASES INCREASE IN SIZE AND AS TERMINALS THAT PROVIDE ACCESS TO THE DATA BASES INCREASE IN NUMBER, OPPORTUNITIES FOR ABUSE EXPAND. THREATS TO DATA INTEGRITY AND CONFIDENTIALITY ARE SUCH THAT SECURITY MEASURES MUST GO BEYOND THE PHYSICAL PROTECTION OF DATA-PROCESSING FACILITIES AND THE ASSIGNMENT OF PASSWORDS TO SYSTEM USERS. ORGANIZATIONS WITH COMPUTERIZED DATA BASES SHOULD CONSIDER TAKING THE FOLLOWING STEPS: (1) ESTABLISHING A POSITION OF DATA SECURITY ADMINISTRATOR; (2) AUTHORIZING ACCESS TO THE SYSTEM BY JOB RATHER THAN BY USER (E.G., RATHER THAN ALLOWING A GIVEN EMPLOYEE TO ACCESS THE ENTIRE SYSTEM BY ENTERING A PASSWORD, ALLOWING ACCESS ONLY TO CERTAIN FILES UNDER CERTAIN CONDITIONS); AND (3) MAINTAINING A LOG OF ALL ATTEMPTS TO ACCESS THE SYSTEM. IN STEPPING UP ITS SECURITY PROGRAM, AN ORGANIZATION SHOULD DETERMINE PRIORITIES FOR DATA PROTECTION BY COMPARING VULNERABILITY TO REPLACEMENT COST. MOST ORGANIZATIONS WILL WANT TO GIVE TOP PRIORITY TO THE SOFTWARE THAT OPERATES THE COMPUTER SYSTEM ITSELF. IN MANY CASES, THE LOSS OR ALTERATION OF THIS SOFTWARE COULD PROVE RUINOUS. EXAMPLES OF COMPUTER ABUSES AND THEIR CONSEQUENCES ARE CITED. (LKM)