The assessment is the highest, least intensive level of an IT security audit. The assessment focuses on determining the current situation and reviewing the security-relevant IT components of a company.
In this form of the audit, no internal information on the IT infrastructure is available, i.e. the auditor is in the role of an anonymous attacker (hacker) in order to simulate the most realistic attack possible.