Watch this video on YouTube
How should an information security manager integrate testing methodologies into a security program to ensure continuous improvement of security controls?