NINETEEN BASIC CATEGORIES HAVE BEEN IDENTIFIED IN WHICH A DATA PROCESSING APPLICATION CAN BE MANIPULATED TO STEAL ASSETS OR INFORMATION OR TO KEEP THE SYSTEM FROM FUNCTIONING AS INTENDED. FOUR OF THESE CATEGORIES ACCOUNT FOR 62 PERCENT OF KNOWN COMPUTER CRIMES: ADDING FRAUDULENT INPUT DATA, STEALING MASTER FILE INFORMATION, SABOTAGING THE COMPUTER FACILITY, AND UNAUTHORIZED COMPUTER USAGE. AN ANALYSIS OF PUBLISHED DATA ON COMPUTER CRIME CASES SHOWS THAT 10 OF THE REMAINING CATEGORIES -- SUPPRESSING OR ALTERING OUTPUT, ALTERING MASTER FILES, INTRODUCING DELIBERATE BUGS, SABOTAGING FILES OR OUTPUT, PARTIAL POSTING OF TRANSACTIONS, THEFT OF OUTPUT, COUNTERFEITING OUTPUT, INTERCYCLE MASTER FILE TAMPERING, THEFT OF THE MASTER FILE FOR RANSOM, AND INTERFACE DEFICIENCIES -- ACCOUNT FOR ONLY 11 PERCENT OF THE PUBLISHED CASES. OF THESE, COUNTERFEITING OUTPUT, THEFT OF MASTERFILES FOR RANSOM, AND INTERFACE DEFICIENCIES HAVE ONLY LIMITED OPPORTUNITY OR ARE UNATTRACTIVE CRIMES. ALL BUT THREE -- THEFT OF OUTPUT, COUNTERFEITING OUTPUT, AND THEFT OF THE MASTER FILE FOR RANSOM -- WOULD PROBABLY BE DISCOVERED IN-HOUSE; THE LOW PUBLISHED RATE SEEMS MOST LIKELY TO BE RELATED TO SUPPRESSED PUBLICATION OF CASES DISCOVERED IN-HOUSE AND THE FAILURE TO DISCOVER OR CORRECTLY IDENTIFY THEM. THE REMAINING 7 OF THE 10 CRIMES PRESENT A SPECIAL RISK BECAUSE THE PUBLISHED STATISTICS DO NOT GIVE THE TOTAL PICTURE OF THE DISCOVERED RATE, WHICH IS PROBABLY A SMALL FRACTION OF THE ACTUAL OCCURRENCE RATE. ELECTRONIC DATA PROCESSING MANAGERS MAY BE PLACING TOO MUCH ATTENTION ON THE FOUR MAJOR COMPUTER CRIMES WHILE IGNORING THESE SEVEN. SPECIFIC COUNTERMEASURES THAT MUST BE TAKEN TO PROTECT AGAINST THE IDENTIFIED CATEGORIES OF COMPUTER ABUSE ARE NOTED, INCLUDING ESTABLISHMENT OF A PHYSICALLY SECURE ENVIRONMENT, EFFECTIVE CONTROL OVER SYSTEM CHANGES, CONTROLS ON ACCESS TO AND USE OF DATA PROCESSING RESOURCES, AND AUDIT PROCEDURES WHICH ALLOW FOR THE VERIFICATION OF PROCESSING INTEGRITY. TABULAR DATA ARE PROVIDED. NO REFERENCES ARE CITED. (KBL)