The more we rely on automated systems to provide essential services in our daily lives, the more we must recognize the vulnerability of these systems and the importance of taking appropriate security measures. Computer system security should ensure that automated systems, data, and services receive appropriate protection from accidental and deliberate threats to confidentiality, integrity, and availability. Absolute security is an unrealistic goal. A natural disaster or an adversary with sufficient resources and ingenuity is enough to compromise even the most secure systems. The optimum security system balances the cost of implementing protective mechanisms with the reduction in risk achieved.