Management participation in a risk assessment survey includes coordinating the effort, selecting and executing the questionnaire, and analyzing the information in the form of a risk assessment plan. An integral part of this plan is costing up necessary upgrades. Precautions against external predators accessing critical data include maintaining a current list of authorized system users, using a random password generator, using a system watchdog feature that logs users off after a pre-determined time limit, maintaining a complete system audit trail, and using a call-back system. An Information Security Plan should be used as a planning tool and a way to inform management of current risks and countermeasures. The most common method of achieving information security is the use of passwords used in conjunction with a data encryption scheme and physical security measures. Building block security measures include physical, personnel, regulatory, hardware, software, and network components. Two critical areas of physical security are environmental protection and disaster recovery. Employee and legal issues are also involved in this complicated area. Employee awareness programs can assist in implementing a sound security plan. 10 references. (Author abstract modified)