An overview of computer security focuses on the challenge of new computer technologies and concerns about sensitive information and information loss. The development and updating of a structured security plan is recommended for each VA department, staff office, computer facility, and field station. Security plan components are goals, risk management, contingency planning, key actors, guidelines and procedures, audits, training, documentation, and resources. Procedures for computer personnel security encompass the determination of job sensitivity, applicant evaluations, a security briefing for new personnel, continuous security checks, security violations, and procedures when an employee leaves a sensitive position. Procedures for computer physical security address access controls, the environment, the handling and storage of media, 'housekeeping,' fire prevention, and the protection of storage areas and remote terminals. Procedures for information security focus on the protection of sensitive information from unauthorized disclosure, alteration, or loss. The steps required to verify and maintain the accuracy and currency of information are also described. Information on VA staff responsibilities and training for security officers is appended. 33-item bibliography, glossary, and subject index. glossary, and subject index.