Security audit of a communication infrastructure by means of a design, architecture, configuration and process review as well as internal and external security scans and penetration tests