medium
Single Answer
Jackie wants to use an ISO standard to help her select and implement information security controls and to develop information security management guidelines. Which ISO standard should she use?
Answer Options
A. ISO 27001
B. ISO 27701
C. ISO 27002
D. ISO 31000
Correct Answer: C
Explanation
ISO 27002 describes controls and helps organizations select and implement them, while also providing guidance on developing information security management guidelines. ISO 27001 establishes control objectives for 14 different categories, including things like HR security, asset management, and operations security. ISO 27701 focuses on managing privacy controls, and ISO 31000 provides guidelines for risk management.