Of the vulnerability scanning, penetration testing, and IT security audits, IT security audits generally require the least amount of in-depth technical knowledge but the most organizational agility and negotiation skills. The heart of any organization’s information security is its security policy. All information security is built on security policy; consequently, routinely assessing the policy’s effectiveness is critical to an organization’s ability to protect its information assets. Quite frequently, a poor performance during a penetration test is an indicator of greater problems with security, right down to the underlying policy. You might be asked to conduct an IT security audit as part of regulatory ...