Education for both users and management should focus on computer ethics and data security policies. In the area of legislation, State laws resemble features of the Model Computer Crime Bill, especially regarding definitions of computer data and software as property and the specification of 'computer trespass' as a crime. Federal legislative initiatives are protecting more and more interstate computer systems. Deterrence should focus on tailoring penalties to computer crime severity, with some penalty imposed for even minor offenses. Technology should address network access security and interception security. Encryption/decryption are generally effective in providing interception security, but network access security is complicated by the anonymity afforded by the public telephone network and the nearly total reliance of computer systems on static passwords. A security strategy should be based in a heavily publicized data security policy, pre-employment security background checks, and the compartmentalization of employees' responsibilities. Managers must also keep updated on computer security technology.