IT security audits may be characterized according to the degree of information the testers and the administrators of the systems in scope have when the tests are carried out. Often, a distinction is made between the following test types: White box, grey box, black box, white hat, black hat, blind, double blind, tandem and reversal.