Security Technical Audit

The objective of this audit is to check, from a security point of view, all aspects that involve the company's Information Systems. These audits carry out exhaustive technical reviews of the systems, making the analysis a comprehensive, in-depth study of every level of the IS.

The result provides an exact view of present and future security needs, with the confidence of following a quality standard that is recognized worldwide, ISO 17799.

Service Characteristics

The methodology followed by Internet Security Auditors allows an exhaustive review of the security aspects of all components of the company's Information Systems, covering the following aspects:

  • Network Security: Analysis of the network structure; review of the devices that control the flow of information, of the configuration and state of remote and wireless access devices, and of the protection, filtering and intrusion detection devices; and detection of public points that are not properly secured.
  • Internal Network Servers and Services Security: Detection of servers and services running outdated versions, of inadequate configurations of their operating systems and network services, and of security requirements (updates and patches, security configuration adjustments or complete hardening processes).
  • Data and Systems Availability Management Systems: Detection of deficiencies in the Backup Policy or its application, in the Monitoring or Remote Management Systems, and in the Contingency and Continuity Plans or their application; detection of devices and systems that are critical to business continuity; and checking of the fault tolerance measures applied.
  • Protection Systems: Review of the security of the Containment and Content Filtering Systems; detection of anomalies in the operation of the application protection systems (antivirus, antispam and content filtering for web, FTP, P2P, ...); identification of security requirements (need for updates or patches, misconfigurations and scope of action); and the possibility of legal liability or damage to the company's image.
  • Workstations Security: Determination of a user's capacity to perform actions on or from their machine outside the control of the network administrators (compromise a system, access or share information or resources, and install or uninstall software), and detection of workstations that are not updated or that have security systems disabled or misconfigured (antivirus, personal firewalls, monitoring or remote management tools, ...).

Results

The result of the Systems Analysis work and the subsequent Analysis of Results and Reporting is a suite of documents that sets out all the results obtained in the Security Audit, together with recommendations to correct the deficiencies detected (changes in the network architecture, configuration of systems and services, etc.).

Some of the results, which will depend on each case, are the following:

  • Executive summary.
  • Result obtained in each of the analyzed points.
  • Vulnerabilities detected, catalogued according to their danger level, and the recommendations for correcting them.
  • Recommended configuration changes in the systems to improve security.
  • Recommended changes in authentication, access control and password policies.
  • Recommendations on new applications and services that help to increase the security level.
  • Map of the current network and recommended changes to improve its topology.
  • Recommended changes in the rules of the Perimeter Protection Systems (routers, firewalls, IDS, ...).
  • Changes recommended in the different accesses to the network.
  • Recommendations to improve user authentication and points of access in the wireless network.
  • Recommended changes in the antivirus systems, their distribution and configuration.
  • Improvements in the reactive security systems.
  • Recommendations, qualifications and corrective actions for the technical aspects defined in ISO 17799.