Strictly speaking, security audits are used to measure an information system's performance by using a list of criteria. On the other hand, vulnerability assessment involves a comprehensive study of the entire information system. The goal is to find potential security weaknesses. Penetration testing is a covert operation, in which a security expert tries a number of different attacks to ascertain whether or not a system could withstand a real malicious attack.
Security auditing can include technical studies such as penetration testing which, apart from administrative and physical security measures, checks technical security systems. The security audit service is primarily intended for customers who have built a system for managing information security and wants to check its actual value.