The following legal liability risks associated with information systems are examined: failure to provide effective controls and security to prevent wrongful access to computers or networks, use of online systems in ways that violate another person's rights, failure to have a disaster recovery program, failure to keep adequate records of and reasonable security for electronic transaction systems, failure to make timely data backups and provide safe records storage, improper use of vendor software or systems, and insufficient protection of proprietary information and intellectual property. Guidance is offered on laws covering computer crime and on possible liabilities and litigation risks associated with computer crime and the protection of information assets. An effort is also made to provide legal facts and background information essential to the development of computer protection policies, to foster continuing dialogue on matters that affect information systems security and legal liabilities, and to provide a legal reference for the development of training materials that sensitize employees to legal compliance requirements and the importance of computer protection. In addition, consideration is paid to the confidentiality and privacy of information and U.S. Sentencing Commission guidelines on how to develop effective compliance programs. An appendix discusses industry and government standards on computer security, internal controls, and auditing. References and tables