Method for Evaluating Information Security Level in Organisations.

This paper introduces a method for evaluating information security levels of organisations using a developed framework. The framework is based on Estonian Information Security Standard categories which is compatible with ISO 27001 standard. The framework covers both technical and organisational aspects of information security. The results provide an overview of security to the organisation's management, compare different organisations across the region, and support strategic decision-making on a national level.