Therefore, personnel security officials should determine how best to change the existing perceptions of employees and outsiders regarding both the risks of being caught in computer crime activities and the perceived payoffs from such activities. Actions that organizations can take to change employee attitudes include training about the legal as well as ethical aspects of information security, the establishment of social control mechanisms emphasizing that computer crime lets down colleagues, making control and security monitoring more visible, and distribution of information about punishments given to convicted computer criminals. Security professionals should be aware of what social science researchers know and do not know about deterrence, as well as the problems involved in applying the concept to computer crime. Deterring computer crime will require improved legislation and the study, development, and implementation of appropriate security measures. Deterrence of computer crime should focus on tailoring penalties to computer crime severity. Changes are also needed with respect to mandatory reporting. 26 references (Author abstract modified)