OVERVIEW OF ANNEX A AND ISO IEC 27002 2013

ISO IEC 27001 2013 includes a section called Annex A. This Annex lists
information security control objectives and information security controls
and is taken directly from ISO IEC 27002 2013 sections 5 to 18.

Below, you will find a brief overview of ISO IEC 27001 2013 Annex A
and therefore ISO IEC 27002 2013 (since Annex A is essentially an
outline of this standard):

5. Security Policy Management
6. Corporate Security Management
7. Personnel Security Management
8. Organizational Asset Management
9. Information Access Management
10. Cryptography Policy Management
11. Physical Security Management
12. Operational Security Management
13. Network Security Management
14. System Security Management
15. Supplier Relationship Management
16. Security Incident Management
17. Security Continuity Management
18. Security Compliance Management

The list above starts with the number 5 because both Annex A and
the ISO IEC 27002 2013 information security standard start there.

HOW TO USE ANNEX A

ISO IEC 27001 2013 section 6.1.3 expects you to use Annex A, and
any other suitable resources, to "produce a Statement of Applicability
that contains the necessary controls". Your task is to select all of the
information security controls that you need in order to implement
the risk treatment options that you're expected to choose and the
risk treatment plan that you're expected to develop according to
section 6.1.3 of ISO IEC 27001 2013.