MAJOR TYPES OF COMPUTER RESOURCES TO BE PROTECTED ARE INTELLECTUAL PROPERTY (DATA AND PROGRAMS), PHYSICAL PROPERTY (EQUIPMENT AND SUPPLIES), AND COMPUTER SERVICES AND PROCESSES. MISUSES OF INTELLECTUAL PROPERTY CONCERN UNAUTHORIZED MODIFICATION, DESTRUCTION, AND DISCLOSURE. WITH REGARD TO PHYSICAL PROPERTY, MISUSES INCLUDE UNAUTHORIZED MODIFICATION AND THEFT. MISUSES PERTAINING TO SERVICES AND PROCESSES INVOLVE UNAUTHORIZED USE OR DENIAL OF AUTHORIZED USE. DATA SECURITY MEANS KEEPING UNAUTHORIZED PERSONS OUT OF A SYSTEM AND PROTECTING AGAINST FRAUD. IT IS NECESSARY THAT AN ORGANIZATION HAVE AN OVERALL COMPUTER SECURITY PROGRAM WITHIN WHICH PROCEDURES CAN OPERATE, BASED ON MANAGEMENT POLICY AND SUPPORT. BASIC ELEMENTS IN A SECURITY PROGRAM ARE DELINEATED, INCLUDING COMPUTER SECURITY POLICY AND CONTROL, THE EDP AUDIT FUNCTION, SYSTEM DESIGN STANDARDS, CONTRACTS, INSURANCE, AND IMPLEMENTATION STRATEGIES. INTERNAL EXPOSURE AREAS OR SYSTEM VULNERABILITIES THAT CAN RESULT FROM UNAUTHORIZED ACTIONS OF INTERNAL PERSONNEL OR OUTSIDERS ARE MODIFICATION OR DESTRUCTION OF DATA, DISCLOSURE OF STORED DATA, AND MODIFICATION DESTRUCTION, OR DISCLOSURE OF PROGRAMS. EXTERNAL VULNERABLE AREAS INCLUDE MODIFICATION, DISCLOSURE, OR DESTRUCTION OF DATA STORED EXTERNAL TO A SYSTEM, MODIFICATION OR DESTRUCTION OF PROGRAMS EXTERNAL TO A SYSTEM, DISCLOSURE OF PROGRAMS STORED EXTERNAL TO A SYSTEM, MODIFICATION OR DESTRUCTION OF COMPUTER EQUIPMENT OR SUPPLIES, AND USE OF COMPUTER SYSTEM SERVICES. CAPSULE DESCRIPTIONS OF 83 PROCEDURES OR ACTIONS AIMED AT DETECTING AND/OR PREVENTING MISUSE OF DATA PROCESSING SYSTEMS ARE PROVIDED; E.G., JOB ROTATION, INPUT-OUTPUT VOLUME COMPARISON AGAINST PREDICTED REQUIREMENTS, AUDITS WITH TEST DATA, OPERATIONS AREA SURVEILLANCE, ALARM SYSTEMS, PASSWORD PROTECTION SYSTEM, SENSITIVE FILE ACCESS LOG, OFF-HOUR TERMINAL DISCONNECT, AND LOCKABLE INPUT-OUTPUT DATA STORAGE.