It describes how to evaluate data security investments, map the potential investment to your business needs, then build a business justification case. It starts with a discussion of data security issues, then reviews alternative models (and their flaws), and finishes presents our justification methodology.

This report shows how to build a pragmatic web application security program that constrains costs while still providing effective security. It also focuses of the particular security needs of web applications, and then delves into details of the major security components and how to pull them together into a complete program, with examples built around typical use cases.