Audit & Pen Test

The IT Audit consists of the assessment of 12 key information security domains, as listed below:

  • Information System
  • Information Security Incident Management
  • Business Continuity
  • Compliance
  • Risk Management
  • Information Security Policy
  • Information Security Organization
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communication and Operations Management
  • Access Control

IT6 security offers a simulated targeted attack against an organization or individual that will identify areas of weakness in security controls and awareness. Attacks conducted by IT6 professionals replicate advanced targeted attacks that are being conducted against organizations of all sizes, as well as select individuals. The goal of these attacks is to obtain confidential, proprietary, business damaging or personal information. This type of assessment is “no holds barred”. Any type of assessment (or multiple assessments) that the IT6 Security Projects Profiling Team conducts can be used to replicate what a real hacker could do against you.

We provide our clients with two types of penetration testing; internal and external. External penetration testing focuses on identifying and validating vulnerabilities that exist on all Internet-accessible services within an organisation's critical IT infrastructure such as web server, email server, DNS, etc. As for the internal penetration testing, it is a comprehensive security test of all systems related directly and indirectly to a business. It mimics the actions of an actual attacker exploiting weaknesses in network security without the usual danger. The test examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability, or integrity of the network, thereby allowing the organisation to address each weakness.


The main objectives of the assessment are:

  • To discover vulnerabilities in web application interfaces from an external party browser point of view.
  • To provide remediation or mitigation of the identified risks, threats and vulnerabilities.
  • To identify weaknesses and potential vulnerabilities in the partner country's lCT infrastructure in order to determine how secure the system is from theft or damage due to unpatched, weak, or misconfigured security settings.
  • To proactively address security gaps so that vulnerabilities are promptly rectified before they are exploited