在ISO/IEC 27001：2005描述是这样的

41本句原文为：This International Standard specifies the requirements for establishing，implementing，maintaining and continually

improving an information security management system within the context of the organization.在引言中的描述为：This Inter - national Standard has been prepared to provide requirements for establishing, implementing, rruintaining and continually impro - ving an information security management system.这一句和引言中的描述比较类似，注意两者的区别。此处用的是speci- fy，引言中用的是provide。这里语气比较重，类似于说明书之类的东西，引言中的描述则比较笼统。此外，这里还加了一个限定，就是within the context of the organization。

42在ISO/IEC 27001：2005描述是这样的：This International Standard specifies the requirements for establishing, implementing,

operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks.注意ISO/IEC 27001：2013中把对overall business risk的强调分开了。