ABSTRACT
Basic requirements for system security are evaluation of the data at risk, assessment of the vulnerabilities of the data, and evaluation of the methods that can be used to reduce the threat to data to an acceptable level of risk. This process results in a written security policy (i.e., the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information).
