OK -
This must have been the article that Ms. Amato-McCoy had written to spark the little editorial that I also just posted about.
The article is about Staples and their Information Security Officer - Christopher Dunning.  It is nice to see that Mr. Dunning seems to have the ‘right’ attitude about security (so says me) and isn’t just looking at the endevour as something that needs to be checked off.
PCI is a budget-exercise.  It’s the ‘fundable’ buzzword that finance requires to attach money to security and to give intelligent, business-focused executives …

I’m late here, but another very good article from StorefrontBacktalk regarding the Hannaford breach and the reaction from Bill Homa.
StorefrontBacktalk - Former Hannaford CIO: Avoid Microsoft And Change PCIs Encryption Rules.
I think this one paragraph is particularly interesting:
As for the oft-repeated song that Hannaford was breached while PCI compliant indicates some sort of a PCI indictment, Homa said it comes down to two things: “Either the standards weren’t strong enough or the assessor wasn’t doing his job.”
I think this is an interesting statement for a couple of reasons - first …