Dave Whitelegg has a blog that I’ve just stumbled on and the first article I see is this one:
IT Security Expert: Security is a Process, not a Product.
This is a great post and also contains a link to a great article by Bruce Schneier - here - the gist of things here should echo what I’ve been posting about - information security is not something that a vendor with a magic box is going to provide….
Security is a process, an integrated, wholistic approach that incorporates technology, technology products, internal process, …

Not directly information security related, but still very interesting - CVS has made another very large purchase and it should be interesting to see what RiteAid and Walgreens do in response….
Also, there are going to be some interesting PCI-related discussions regarding how to merge two differently-run organizations together in a way that effectively manages security and compliance.
CVS Caremark Corporation to Acquire Longs Drug Stores Corporation | CVS Caremark.

PCI Blog - Compliance Demystified » Blog Archive » Credit card theft indictments show why small crime matters.

Not necessarily retail-specific, but pretty cool if you are into this stuff - Dave is a NetSPI guy and absolutely fantastic…
A First Ever Look Inside The Defcon Network Operations Center | Threat Level from Wired.com.

So I just tossed out a link to an older article from RIS regarding PCI and the issues at Hannaford. As soon as I posted that, I ran into this article which is a short collection of responses including some from people that I have worked with and respect VERY highly.
Sunita Gupta is EVP for Lake West Group and Greb Buzek is President of IHL Consulting and both are people that I consider experts in the business of retail and in the application of technology within the industry.
Bud Wagner …