The proper approach to designing a solution is one that meets business objects and that protects against identified risks with controls that are transparent to the user. The approach sounds simple enough; the challenge is defining what needs to be protected, what are the risks and types of controls...