"When two organizations merge, it's certain that they will have different security philosophies, policies, technologies and requirements regarding Web application security. For example, an ecommerce site that allows customers to track order progress has to permit deeper access into the back-end system than one that merely generates an email once the order is completed. Change control could be another area of conflict if one organization has embraced blog and wiki technologies to communicate with employees and customers.

Because of each company's separate approaches and needs, a combined team from both organizations must be charged with assessing the new entity's risk exposure and setting targets for the merged Web security operation. "

Article Link: http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1260582,00.html