Standard-based security audit (ISO 27001-compliant analysis of the security level by means of questionnaires, analysis and suggestions for improvements)