Security Audit of a University Information System: A Functional Model
In the context of the worldwide transition to online education, it is of utmost importance to protect confidential data from information security threats. The present study aims to evaluate the level of security of the HSE University information system. The security audit of the system is carried out using penetration testing methodology, which allows vulnerabilities to be identified and risks to be assessed. The paper describes the stages of preliminary information gathering and preliminary vulnerability analysis. Exploring the methods and the gathered information enabled us to develop a functional penetration testing model. Although some of the discussed (sub-)stages were not completed due to the legislative aspect, we were able to collect detailed information about the information system, determine providers and server locations, scan ports, determine file structures, describe the current state of the technologies used in the HSE University information system, and compile a list of potential vulnerabilities. The proposed functional model and the completed phases will serve as a strong basis for conducting a full-fledged information security audit.