A survey of computer security practices at 67 medium and large organizations in Singapore shows that the level of computer security practices at these organizations is predicted better using their needs for confidentiality, integrity and availability rather than through a more traditional risk assessment methodolog