WITH THE DEVELOPMENT OF COMPUTER TECHNOLOGY, THERE IS A CORRESPONDING NEED FOR SECURITY PROCEDURES DEVELOPMENT. BY 1977, MORE THAN 500 COMPUTER-RELATED CRIMES HAD BEEN DOCUMENTED. SUCH CRIMES INCLUDE INTERNAL THEFT, EMBEZZLEMENT, THEFT OF PROPERTY AND SERVICES AND OTHER BUSINESS SECRETS, AND EVEN THEFT FOR RANSOM OF SOFTWARE AND COMPUTER EQUIPMENT. COMPUTER CRIME ALSO INCLUDES UNAUTHORIZED DUPLICATION OF A PROGRAM, DATA ENTRY VIA TERMINALS AND COMMUNICATION SYSTEMS, WIRETAPPING, AND EAVESDROPPING. EXAMPLES ILLUSTRATE THE CRIMES LISTED. REMEDIES AND SAFEGUARDS FOR SUCH BREACHES OF SECURITY ARE TO ELIMINATE OBSOLETE PROGRAMS AND EXTRA DOCUMENTS, INSTITUTE FORMAL PROCEDURES FOR CORRECTING INPUT DATA, AND INITIATE SECURITY PROCEDURES CONCERNING REMOTE TERMINALS. OTHER PRECAUTIONS ARE PROCEDURAL CONTROLS SUCH AS PROCESSING RESTRICTIONS, AUDIT CONTROLS, PHYSICAL PROTECTION, PERSONNEL SECURITY MEASURES INCLUDING THOSE THAT APPLY TO EXECUTIVE LEVEL PERSONNEL, AND, AS FINAL MEASURE, INSURANCE. A VULNERABILITY TAXONOMY IS PROVIDED IN THE APPENDIX THAT LISTS 17 GENERAL TYPES OF COMPUTER CRIMES AND DEFINITIONS OF EACH. A BIBLIOGRAPHY ALSO IS FURNISHED. (RFC)