41本句原文為：This International Standard specifies the requirements for establishing，implementing，maintaining and continually

improving an information security management system within the context of the organization.在引言中的描述為：This Inter - national Standard has been prepared to provide requirements for establishing, implementing, rruintaining and continually impro - ving an information security management system.這一句和引言中的描述比較類(lèi)似，注意兩者的區(qū)別。此處用的是speci- fy，引言中用的是provide。這里語(yǔ)氣比較重，類(lèi)似于說(shuō)明書(shū)之類(lèi)的東西，引言中的描述則比較籠統(tǒng)。此外，這里還加了一個(gè)限定，就是within the context of the organization。

42在ISO/IEC 27001：2005描述是這樣的：This International Standard specifies the requirements for establishing, implementing,

operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks.注意ISO/IEC 27001：2013中把對(duì)overall business risk的強(qiáng)調(diào)分開(kāi)了。