The Cyber Security Enhancement Act of 2002 directs the United States Sentencing Commission to review and amend guidelines and policy statements applicable to individuals convicted of offenses related to computer security. The Commission analyzed data on 116 cases of individuals convicted and sentenced during fiscal years 2001 and 2002. Data revealed that most violators were well educated, and had minimal criminal histories. Forty-eight percent of the crimes were committed for financial reasons. Based on this analysis, the report outlines modifications to the amendment that are designed to ensure that the guidelines and policy statements applicable to persons convicted of computer-related crimes reflect the seriousness and growing incidence of computer offenses and the need to provide for an effective deterrent. Modifications include the enhancement of targeting offenses involving malicious intent and modifications for offenses involving computer systems used in critical infrastructure and national defense and security. Implementation of the directive is also reviewed in the report as it applies to loss, sophistication and planning, commercial advantage and private financial benefit, malicious intent, privacy, computers used for national security issues, critical infrastructure, and threat to public health and safety. Finally, the report provides recommendations for increased statutory penalties for computer-related offenses.