ISO 27001 and ISO 27002

Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

AntonioS Jan 13, 2016

I'm a student of Computer Engineering, and in my final project I have to define a security policy for my School.
So I have analysed ISO 27000 and COBIT to see the differences between them, and I decided that ISO 27000 is the most beneficial for this project.
So I'm trying to understand how ISO 27000 works. I know that ISO 27001 refers to the implementation of an Information Security Management System and ISO 27002 refers to the elaboration of the Security Policy.
Right now I'm trying to understand how ISO 27002 works, and how I can construct my Security Policy.
I don't have time yet to analyse the documentation that I've downloaded.

Answer:

You are partially right, because ISO 27001 is an international standard with requirements for the implementation of an ISMS, but ISO 27002 is not only for the elaboration of the Security Policy. Let me explain the differences: the core of ISO 27001 is risk management (you need to identify risks and reduce them) for the protection of information. ISO 27002 has 114 security controls, which you can use to reduce risks (one of them is A.5.1.1 Policies for information security).
So, with ISO 27001 you identify risks, and you need controls to reduce them, and you can do that with the security controls of ISO 27002. You can also see the same security controls in Annex A of ISO 27001, although there you only see a brief description; in ISO 27002 you can see an implementation guide for each control.
This article about ISO 27001 and ISO 27002 may be interesting for you, "ISO 27001 vs. ISO 27002": https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
And this free tutorial may also be interesting for you, "How to write the Information Security Policy According to ISO 27001": https://advisera.com/27001academy/tutorial/free-tutorial-how-to-write-the-information-security-policy-according-to-iso-27001/
