The business case for conducting

Red Team Penetration Testing

as part of a Dynamic Risk Assessment