Whitepaper
What is the current state of your security control testing? Do scope and infrequency limit your testing?
This whitepaper by SANS explains why security control validation needs to improve to emulate actual—not hypothetical—threats to an organization.