Information security receives inadequate support from most corporations, although top management is concerned about security. However, top management often believes that its data processing operations are much more tightly controlled than do the heads of internal audit departments and data processing managers. Top management needs to recognize that changes related to computer technology and liabilities require new corporate efforts to protect information. Major assets and resources affected by computerization include information, services, negotiables, personnel, inventories, and equipment. Potential proprietary information requiring protection includes financial information, organizational information, marketing information, and technical information. Security measures should include organizational measures, security administration, personnel security, physical security, environmental controls, disaster controls, communications security, and computer security. Protective strategies include containment, deterrence, obfuscation, and recovery. The major approaches to information security are based on physical security, procedural security, technical security, telecommunications security, and contingency planning. A program to protect information should use four steps: planning, implementation, evaluation, and reporting. List of professional organizations and 16 references.