Deceptive techniques played a prominent role in many human conflicts throughout history. Digital conflicts are no different as the use of deception has found its way to computing since at least the 1980s. However, many computer defenses that uses deception were ad-hoc attempts to incorporate deceptive elements in them. In this paper, we present a model that can be used to plan and integrate deception in computer security defenses. We present an overview of why deception fundamentally works and what are the essential principles in using such techniques. We investigate the unique advantages deception-based mechanisms bring to traditional computer security defenses. Furthermore, we show how our model can be used to incorporate deception to many part of computer systems and discuss how we can use such techniques effectively. A successful deception should present plausible alternative(s) to the truth and these should be de- signed to exploit specific adversaries’ biases. We investigate these biases and discuss how can they be used by presenting a number of examples.