A Scan May Get You PCI Compliance, Not Security
Mike Rothman, in yesterday's Daily Incite, made a good point in his comments on a piece about PCI compliance that Joel Dubin wrote for SearchSecurity.com.
Dubin did a good job capsulizing PCI, but spent the latter part focused just on the network scan and self-assessment. The reality is, as Mike pointed out, neither of these will necessarily improve your security.
At a minimum, regardless of your level, make a commitment to meet or exceed the standards in the auditor's document for PCI DSS.
As Mike says, and I agree wholeheartedly, if you adopt effective information security processes, you'll have no problem with PCI or any other compliance mandate.
