This document presents the result of a major review of the computer security procedures which are currently employed in the public and private sector. Over eighty techniques are described and are classified in terms of strengths, weaknesses, costs, and target vulnerabilities.
The document also includes a discussion of the legal implications associated with computer security failure and an analysis of the legal issues relating to proprietary interests in computer programs. A discussion of the development of computer usage is also included. Appendixes present case studies in selection and approval of controls and the baseline review method.