Creation of an ISO 27001/2 checklist based on existing requirements (incl. SANS 20 checklist)