Security Audit

The Security Audit represents an innovation in the field of IT Risk Management. It combines the Penetration Test and the Risk Assessment activities in a single service. The result of this synergy is an extremely detailed analysis aimed at precisely (and even quantitatively) assessing the security posture of the Client’s IT infrastructure. The analysis is supported by technological evidence, in compliance with two formal assessment methodologies.

The distinguishing property of the Security Audit is the combined use of two types of assessment, which allows:

  • Optimization of the Penetration Test activity, by increasing its efficiency and providing the best possible vulnerability evaluation;
  • Improvement of the precision of risk detection and of mitigation strategies, by including an additional layer of technical detail.


Tools and methodologies

For the Risk Assessment component of the service, methodologies compliant with the ISO/IEC 27001:2005 and ISO/IEC 27005:2008 standards will be used. Both qualitative and quantitative (in euros) risk assessments can be carried out.

For the Penetration Test component, the OSSTMM is used. For ten years, this methodology has been a reference point in the field, and it is widely supported nationally and internationally.


Optional services

@ recommends, as an opportunity to optimize and broaden the relevance of the results provided by the described service, the following additional options:

  • IT Risk Management Training - theoretical courses and practical coaching of the personnel in charge of IT Risk Management in order to enable them to autonomously carry out a broad range of activities;
  • Penetration Testing Training - theoretical courses and practical coaching of the personnel in charge of the technological assessments in order to enable them to carry out such activities autonomously;
  • Internal methodology definition - creation of an internal methodology in the Client’s specific environment, formally establishing criteria, restrictions, roles and responsibilities, execution modes, and guidelines to be followed internally;
  • Follow-up - verification of the correct implementation of the security countermeasures suggested within the remediation plan.
