This article highlights a lot of problems that exist in the infosec field today. There is a great quote in there:

Most IT Security organizations are busy checking some boxes on an audit list, and effectively missing the forest for the trees when it comes to actual security.”

I would sign under every word. That’s also the jist of the argument of people who are¬†vehemently¬†against PCI, though I wouldn’t necessarily include myself in that camp.

http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit-Down/On-lack-of-IT-readiness-Security-Edition/ba-p/5791579#.UEeytI1mQik