Monday, January 12, 2009

Budgeting for Web Application Security

Great post on Budgeting for Web Application Security by Jeremiah Grossman.

Some key approaches are:
  1. Risk Mitigation - "If we spend $X on Y, we’ll reduce the risk of loss of $A by B%."
  2. Due Diligence - "We must spend $X on Y because it’s an industry best-practice."
  3. Incident Response - "We must spend $X on Y so that Z never happens again."
  4. Regulatory Compliance - "We must spend $X on Y because PCI-DSS says so."
  5. Competitive Advantage - "We must spend $X on Y to make the customer happy."

1 comment:

Matt Hardy said...

I really enjoyed the blog. I have just bookmarked. I am a regular visitor of your website. I will share it with my friends. Thanks, and I promise I will visit your blog again. Professional Website Design Company