144本脚注的后半句和ISO/IEC 27001:2005中有细微区别,修改后的描述明确多了。本标准中为:Users of this Interna -tional Standard are directed to AnnexA to ensure that no necessary controls are overlooked。
ISO/IEC 27001:2005的脚注为:Users of this International Standard are directed to Annex A as a starting point for control se - lection to ensure that no important control options are overlooked(本标准用户可将附录A作为选择控制措施的出发点,以确保不会遗漏重要的可选控制措施)。
145本句的原文为:Control objectives are implicitly included in the controls chosen。
146此处描述比ISO/IEC 27001:2005要简练,但是不太好理解,因此此处只译出大致意思。原文为:produce a Statement of
Applicability that contains the necessary controls [see 6.1.3 b)and c)] and justification for inclusions, whether they are imple - mented or not,and the justification for exclusions of controls from Annex A。Statement of Applicability,适用。性声明,专用词汇。
147此处原文为:formulate an information security risk treatment plan。注意:信息安全风险处置计划是个专用名词。