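144 The second half of this footnote differs slightly from the corresponding footnote in ISO/IEC 27001:2005; the revised wording is much clearer. In this standard it reads: Users of this International Standard are directed to Annex A to ensure that no necessary controls are overlooked.
The footnote in ISO/IEC 27001:2005 reads: Users of this International Standard are directed to Annex A as a starting point for control selection to ensure that no important control options are overlooked (that is, users of this standard may take Annex A as the starting point for selecting controls, to ensure that no important optional controls are missed).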
145 The original text of this sentence is: Control objectives are implicitly included in the controls chosen.
146 The wording here is more concise than in ISO/IEC 27001:2005 but harder to understand, so only the general meaning has been translated. The original text is: produce a Statement of Applicability that contains the necessary controls [see 6.1.3 b) and c)] and justification for inclusions, whether they are implemented or not, and the justification for exclusions of controls from Annex A. Statement of Applicability (rendered in Chinese as 適用性聲明) is a specialized term.
147 The original text here is: formulate an information security risk treatment plan. Note: "information security risk treatment plan" is a specialized term.