This entails testing the state of readiness of the organisation to continually prevent / detect and manage cyber security threats.