OK, at a basic level, security testing is testing the security of the whole IT system and its data. I'm guessing it's not a big company or that it needs particularly high security, else you wouldn't be asking here.
Here is a quick list I can think of:
Physical security: lock doors, don't leave laptops, USB drives etc., locks on servers, don't store a laptop in a car.
Protection from internet-based attacks (big one)
Check the website for cross-site scripting vulnerabilities, SQL injections, open ports, weak port 21/25 passwords or vulnerabilities. Weak Java code that can be read and broken. Check online for threats to whatever server OS you are on. Loads more things though…
Look into Google hacking and try it against yourself.
If you have a wireless network, use WPA encryption 256, hide the SSID, limit access to certain times, and limit access by MAC address if possible, or IP range.
If you have Windows servers that accept RDP, use a strong password and limit access to an IP or IP ranges.
Testing will look at the antivirus in place, internet browser vulnerabilities etc.