As part of a cybersecurity overhaul, an organization is aiming to improve its security stance. The cybersecurity manager has been tasked with understanding the current security measures and pinpointing areas of improvement. What is the OPTIMAL method to achieve this?