"When two organizations merge, it’s certain that they will have
different security philosophies, policies, technologies and
requirements regarding Web application security. For example, an
ecommerce site that allows customers to track order progress has to
permit deeper access into the back-end system than one that merely
generates an email once the order is completed. Change control could be
another area of conflict if one organization has embraced blog and wiki
technologies to communicate with employees and customers.
Because of each company’s separate approaches and needs, a combined
team from both organizations must be charged with assessing the new
entity’s risk exposure and setting targets for the merged Web security
operation. "
Article Link: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1260582,00.html
