Fun of reading ISO standards

(Sorry for the English; Russian is still not supported by Swype for Spica, and I was fool enough to try an official version :)

Sometimes I think those ISO guys have some sense of humour.

In some organizations work habits or the main business have led to a specific "culture" within the organization, one which may be incompatible with the security controls.
Yeah, so true. In fact I've seen a few such companies. Or wait, rather a few dozen of them.

Vulnerability type: Organization
Vulnerability example (this means an exploitable weakness): Lack of proper allocation of information security responsibilities
Threat example (this means an evil that might exploit the vulnerability): Denial of actions.

BINGO!! Won't do shit unless it's in my job description :)

I don't like reading standards, but these points add some fun to it.

Vlad Styran

informationally. securely.*