Even with the demands for the functionality offered by mobile code, security policies must be written to protect your organization's system and networks from malicious mobile code. Considering these problems, one way to create your mobile code policy is to analyze each of the technologies used and assign them to a risk category based on their potential threat. Each of the risk categories is then assigned to a corresponding policy for their usage. There is no formula for assigning risk. However, one of the best ways to do this risk assessment is to base the risk on how well the technology controls access to the system that will run this code. The policies can then be written based on how the user will access mobile code. Using this method, a High Risk technology can be used within the organization's intranet with appropriate controls while denying their usage when served via the Internet.