
The most comprehensive approach is to have an InfoSec policy portfolio which permeates every corner of your organisation, dictates secure operating behaviours and mandates logical and physical security practices. This will include regular vulnerability scans of your code, your application stack and your infrastructure, but it will also include instructions on how to classify data and how to handle data according to that classification.

Compliance is achieved by marking a checklist, which is why it is fairly easy to botch it up. Sure, you can do a subset of the checklist and have compensating controls for everything you've missed, but the risk of non-compliance is not being able to do business (at best) and jail time (at worst), so you tell me what your motivation is to fail to meet the bare minimums of security best practices in the card payment industry, aka PCI-DSS.

Think of a castle: it will have several walls, towers, heavy doors, guards, etc. It will also be placed on a hill, a mount or some otherwise hard-to-access area (never in a vale, for instance). It will also have the largest possible distance between the treasure hall and the front door. The threats your castle faces will continuously evolve, and the walls that stood up against bows and arrows are useless against turrets or cannons, so if you want to keep your treasure you do your best to be one step ahead, and you don't get that by making sure your original walls are still in place or any other base requirements are still met.



