I have a study project related to establishing of ISO 27001.
I will do GAP analyses on "fictional" company over all ISO 27001 Annex A controls using ISO 27002.
After I do that, I will detect the risks using the results of that GAP analyses.
So my question is if there is a list of potential risks per each ISO 27001 Annex A control (or at least per each clause 5-18) ?