||Computer and network security are too often couched in terms of passwords and encryption-the computer equivalent of "lock and key" safekeeping for physical assets. Even though the sophistication of password-encryption schemes has improved dramatically, with new standards for secure Internet transfer of digital cash and card numbers, passwords still provide incomplete and flawed protection. Following the lead of law enforcement in traditional crimes, which has moved beyond "locks" to address the entire life cycle of crime, this research assesses how computer security can take what has been learned about effective crime prevention to move beyond passwords. It proposes a "rational choice" model of computer and network crime that identifies new points to be targeted for control. This broader perspective is used to define an expanded control agenda to fight computer and network crime. Copyright © 1997 M.E. Sharpe, Inc.