• Audits

    The security audit involves comparing the security policies of a company with what is really happening. The objective of the security audit is to validate that security controls exist, generally using a risk-based approach. Auditing often involves reviewing business processes and, in many cases, may not be very technical. Not all audits are high level, but most are quite simplistic.

    On the contrary, ethical hacking focuses on the vulnerabilities that can be exploited. Validate that security controls do not exist or are ineffective at best. Ethical hacking can be highly technical and non-technical, and although you use a formal methodology, it tends to be a bit less structured than formal audit.


    If you continue the audit in your organization, you might consider integrating ethical hacking techniques into your IT audit program. They complement each other very well.