41本句原文為：This International Standard specifies the requirements for establishing，implementing，maintaining and continually

improving an information security management system within the context of the organization.在引言中的描述為：This Inter - national Standard has been prepared to provide requirements for establishing, implementing, rruintaining and continually impro - ving an information security management system.這一句和引言中的描述比較類似，注意兩者的區別。此處用的是speci- fy，引言中用的是provide。這里語氣比較重，類似于說明書之類的東西，引言中的描述則比較籠統。此外，這里還加了一個限定，就是within the context of the organization。

42在ISO/IEC 27001：2005描述是這樣的：This International Standard specifies the requirements for establishing, implementing,

operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks.注意ISO/IEC 27001：2013中把對overall business risk的強調分開了。