One of the common jokes about mathematics is that you can easily get four mathematicians in the room and none of them knows anything about what the other studies, even though they agree they are all mathematicians.
Submitted by Matt Simmons on Tue, 2014-02-04 01:41
Having now been a Board member for officially six months, I've got to say, it's definitely a strange creature.
It's not that the organization is big so much as it's diverse, and spread out, and right now, largely undocumented. That is not meant to imply that there is no documentation, though. The early founders of the organization created a veritable cornucopia of documentation. Practically everything they did was documented, which means that for someone going back and doing archaeology, there's so much to dig through.
Much digital ink has been spilled over the Payment Card Industry Digital Security Standard (PCI-DSS), the standard security rules that any vendor that accepts credit card payments agrees to follow. Many of the articles try to find a way to criticize the standard. "PCI wouldn't have stopped this breach, it's worthless!" being the normal battle cry.
The recent announcement of a third major retailer that has lost credit card information drives home several points I've tried to make over the years. Security cannot be an afterthought. Some of the complaints I've heard many a time are that security "gets in the way", or "doesn't make money, we can just absorb the cost."