Maybe some of my thoughts on PCI DSS (that I have posted here before) can be attributed back to past experiences in tougher regulatory environments I have been exposed to. For those dudes whinging about how tough PCI DSS is on the business, try working in an IT Security / IT Risk Management role in an Investment Bank in the likes of Japan and Singapore for example!
You poor dears! Would hate to see how you would deal with the regulators in those countries with their Government run “compliance” audits! Makes PCI DSS compliance look like a piece of piss (so to speak). Be careful some people what you wish for!
Do I need to expand upon why?