How ISO 27001 and ISO 27002 are related
Answer:
The relation between ISO 27001 and ISO 27002 is simple: ISO 27001 establishes requirements for an Information Security Management System, and includes the Annex A with 114 security controls. ISO 27002 is a guide of best practices for the implementation of the 114 security controls of the Annex A of ISO 27001.
Really you only need to implement the necessary security controls after the risk analysis, and you will need ISO 27002 only if you need specific information about how to implement the security controls of Annex A of ISO 27001. This article can be interesting for you, “The basic logic of ISO 27001: How does information security work?”: https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
And also this article, "ISO 27001 vs. ISO 27002": https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
Regarding the threats/vulnerabilities, this article can also be interesting for you, because you can see a complete list of them, “Catalogue of threats & vulnerabilities”: https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
Finally, these materials will help you to know more about ISO 27001:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
Sep 16, 2016