Conceptual security audit (review of the security-related documents and processes by means of document grinding, interviews and gap analysis and proposition of measures)