Bang, Bang, Bang. No, that's not an opening scene of a gangster movie. It's my head banging against the wall in frustration. Over what, you ask? The fact that, even though an organization clearly falls under some law or regulation (as in they store credit cards or retain healthcare information), some people in selected organizations don't think the laws and regulations apply to them. They're in total denial that they have compliance requirements that need to be addressed. How can this be? The PCI DSS, in particular, is pretty clear. If you store credit card data, you have compliance requirements. But rather than assigning the appropriate resources to get the issues addressed, this segment of the organization spends countless hours justifying why they don't have to comply Meanwhile, the rest of the organization goes about addressing the issues for which they're responsible. Why put so much energy into avoiding the work when it would be easier and take less time to address and resolve the issues? Can anyone help me understand this? My headache is rapidly turning into a migrane - bang, bang, bang....