The lack of specific hardware security features and operating systems without privileged instructions calls for greater emphasis on physical access controls, careful media management (with attention to 'erased' but still-readable files), and consideration of encryption as a means of increasing data security. Other important security areas are contingency planning (especially equipment and software compatibility), auditability, and access to host mainframe systems. A new opportunity is the chance to isolate sensitive applications on dedicated, non-communication systems. In general, the 'traditional' computer security measures are still important and adequate in the PC world. Management must recognize its responsibility for protecting information, not machines, and should use a risk-management approach to implementing security measures. (Publisher abstract)