在ISO/IEC 27001:2005描述是这样的
41本句原文为:This International Standard specifies the requirements for establishing,implementing,maintaining and continually
improving an information security management system within the context of the organization.在引言中的描述为:This Inter - national Standard has been prepared to provide requirements for establishing, implementing, rruintaining and continually impro - ving an information security management system.这一句和引言中的描述比较类似,注意两者的区别。此处用的是speci- fy,引言中用的是provide。这里语气比较重,类似于说明书之类的东西,引言中的描述则比较笼统。此外,这里还加了一个限定,就是within the context of the organization。
42在ISO/IEC 27001:2005描述是这样的:This International Standard specifies the requirements for establishing, implementing,
operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks.注意ISO/IEC 27001:2013中把对overall business risk的强调分开了。