Also known as an information security audit, the term refers to the process of systems analysis and management through which specialists in the field study the multiple vulnerabilities that could be present in the communication networks, servers or workstations of an enterprise and, through that study, identify, describe and list the risks they represent.
With the information derived from such studies, the relevant professionals should set about organizing and detailing it in such a way that those in charge of eliminating vulnerabilities can make correct use of it and develop the prevention, reinforcement or correction measures needed, always with the objective of improving the security of each system and closing it to intrusions or reducing their margin of error. Of course, a systems audit includes a thorough review and evaluation of each of the systems, the computerized procedures, and the proper use, efficiency and safety of the various computer equipment, as well as file access and the obtaining of general information.
Like any audit, an information systems audit begins with a preliminary investigation, including a first round of observation of the state of the IT area, its relationship with the organization and whether or not it is properly updated, for example. This preliminary research also covers the short- and medium-term business and communication objectives, the chances of achieving them given the technical and material resources available, contracts, equipment and its features, and expansion plans, among many other factors.
After the case has been studied, the networks, protocols and topologies are listed, their validity is checked against international standards (such as ISO and COBIT), the weaknesses are identified and evaluated, and appropriate adjustment or correction measures are developed. Finally, once the current vulnerabilities are resolved, work moves on to possible future ones, in a stage called "implementation of preventive measures".