A financial services company wants to ensure that its security controls are effectively protecting its network and critical data assets. The company is mandated by regulatory requirements to conduct periodic reviews of its security infrastructure. Which of the following would BEST satisfy the need for an unbiased evaluation of the operational security?
Continuous monitoring by an internal audit committee.
Scheduling regular penetration testing by the in-house cybersecurity team.
Contracting an independent third-party to perform a comprehensive audit of security controls.
Conducting a thorough self-assessment using internal security and audit teams.