Studies by the American Bar Association, the American Institute of Certified Public Accountants, and the Federal Government have documented the rising incidence of computer-related crime and the need for more effective self-protection by systems owners, education of users concerning the vulnerabilities of computer systems, and the enactment of Federal and State legislation aimed at the problem. Several characteristics can make a system particularly prone to abuse: inadequate password management systems, improper application of access or usage controls, networking vulnerabilities, improper management and protection of backup files, inadequate protection of sensitive data, and a lack of security awareness by users and administrators. Whenever possible, controls should be instituted so that the computer protects itself, since people are the weakest part of any security system. A layered ring approach should be used to protect computer systems. The outer ring consists of physical security countermeasures such as personnel access control systems. The next ring of security involves administrative procedures, which include such measures as escorting all visitors to the computer center. The next ring of protection encompasses the person-machine interface called personnel subsystems. These countermeasures include requiring passwords which are changed periodically. The final ring of security involves computer systems countermeasures. These include designing systems so they do not overly identify themselves to computer hackers or other interlopers. A figure illustrates a computer security system, and States with computer crime laws are listed.