What is the ISO/IEC standard?
Regarding the ISO/IEC standards their is much to discuss. First and foremost, the International Organization of Standards (ISO) and the International Electronics Commission (IEC) are IT standards/certifications with the intention of verifying an individuals knowledge regarding subjects within different topics/standards. Regarding this post, I will primarily discuss the ISO/IEC 27000 series of standards. This includes the ISO/IEC 27000, 27001, and 27002 standards.
How does the ISO/IEC 27001 differ from ISO/IEC 27002?
To continue, the difference between the standards is as follows; According to iso.org, ISO/IEC 27000:2018 and ISO/IEC 27001:2013 include primarily security regrading digital information while ISO/IEC 27002:2013 include primarily "security techniques - code of practice for information security controls". In other words, ISO/IEC 27002 is primarily used as a reference for the implementation of security based controls for ISO/IEC 27001; ISO 27002 is also more in-depth regarding how each control is implemented.
References
ISO/IEC 27001 — Information security management. (2021, February 16). ISO. https://www.iso.org/isoiec-27001-information-security.html