本脚注的后半句和ISO/IEC 27001：2005中有细微区别

144本脚注的后半句和ISO/IEC 27001：2005中有细微区别，修改后的描述明确多了。本标准中为：Users of this Interna -tional Standard are directed to AnnexA to ensure that no necessary controls are overlooked。

ISO/IEC 27001：2005的脚注为：Users of this International Standard are directed to Annex A as a starting point for control se - lection to ensure that no important control options are overlooked（本标准用户可将附录A作为选择控制措施的出发点，以确保不会遗漏重要的可选控制措施）。

145本句的原文为：Control objectives are implicitly included in the controls chosen。

146此处描述比ISO/IEC 27001：2005要简练，但是不太好理解，因此此处只译出大致意思。原文为：produce a Statement of

Applicability that contains the necessary controls [see 6.1.3 b)and c)] and justification for inclusions, whether they are imple - mented or not，and the justification for exclusions of controls from Annex A。Statement of Applicability，适用。性声明，专用词汇。

147此处原文为：formulate an information security risk treatment plan。注意：信息安全风险处置计划是个专用名词。