An excellent way to test the effectiveness of the security controls you have implemented is to run Penetration Tests. Sometimes referred to interchangeably with Ethical Hacking, penetration testing simulates real-world cyberattacks against your network. If you have implemented good security controls, the testers' job should be difficult. You can perform penetration tests yourself if you have the skills; if you don't, some firms offer third-party tests.
Setting up a penetration test involves careful preparation. If you are hiring a third-party tester, you need to agree written Rules of Engagement (RoE) with the testing firm that set the allowed scope and boundaries of the test: which systems and address ranges may be targeted, which are explicitly excluded, when testing may take place, and which techniques (for example denial of service) are off limits. Even though you are testing your own network, you need to be wary of potential legal issues. If a penetration tester strays outside the agreed scope, they could compromise assets that contain sensitive data, potentially damaging them or disrupting services. Some ISPs and cloud providers also restrict penetration testing or require advance notice, and a test that touches their shared infrastructure may break their terms of service. Make sure to thoroughly prepare before attempting any kind of test.
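One practical safeguard against a tester straying outside the agreed scope is to check every candidate target against the address ranges and exclusions written into the Rules of Engagement before any scanning tool is pointed at it. The following is an added example of such a pre-flight check, not code from the original article; the class and function names (`RulesOfEngagement`, `filter_targets`) and all addresses in the sample are hypothetical.

```python
import ipaddress


class RulesOfEngagement:
    """Authorised address ranges from the signed RoE, plus explicit exclusions.

    Exclusions win over inclusions, so a sensitive host that sits inside an
    authorised range (for example a production database) can be carved out.
    """

    def __init__(self, in_scope, excluded=()):
        self.in_scope = [ipaddress.ip_network(n, strict=False) for n in in_scope]
        self.excluded = [ipaddress.ip_network(n, strict=False) for n in excluded]

    def check(self, target):
        """Return (allowed, reason) for a single IP address string.

        Raises ValueError if target is not an IP address. Hostnames must be
        resolved first and every resulting address checked individually,
        because a name can resolve to a shared or third-party (cloud) address
        that nobody authorised you to attack.
        """
        addr = ipaddress.ip_address(target)
        if any(addr in net for net in self.excluded):
            return False, "explicitly excluded by RoE"
        if any(addr in net for net in self.in_scope):
            return True, "in scope"
        return False, "not in any authorised range"


def filter_targets(roe, targets):
    """Split a candidate target list into (allowed, rejected) lists of (target, reason)."""
    allowed, rejected = [], []
    for target in targets:
        try:
            ok, reason = roe.check(target)
        except ValueError:
            ok, reason = False, "not an IP address; resolve and re-check"
        (allowed if ok else rejected).append((target, reason))
    return allowed, rejected


# Constructed sample RoE and target list (hypothetical addresses, not from the article).
SAMPLE_ROE = RulesOfEngagement(
    in_scope=["10.20.0.0/24", "203.0.113.0/28"],
    excluded=["10.20.0.5/32"],  # e.g. the backup server the client carved out
)
SAMPLE_TARGETS = [
    "10.20.0.7",            # inside the authorised internal range
    "10.20.0.5",            # inside the range but explicitly excluded
    "10.20.1.9",            # adjacent subnet that was never authorised
    "203.0.113.3",          # inside the small public range
    "db.example.invalid",   # a hostname; must be resolved before it can be checked
]

if __name__ == "__main__":
    allowed, rejected = filter_targets(SAMPLE_ROE, SAMPLE_TARGETS)
    for target, reason in allowed:
        print(f"OK      {target:<22} {reason}")
    for target, reason in rejected:
        print(f"REFUSE  {target:<22} {reason}")
```

Run this over the target file before feeding it to a scanner, and treat anything in the rejected list as a question for the client rather than something to resolve on your own. The check is deliberately conservative: hostnames are refused until they have been resolved, so that a name pointing at a CDN or cloud provider's shared address does not slip into the scan unnoticed.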
Once a penetration test has finished, it will produce a Penetration Test Report. This is a document written by the testers themselves, containing information on what was done, what was discovered, and how severe each finding is. The insights from this report give you the fuel you need to begin implementing new security controls, essentially looping you back to Stage 1 of this framework for another iteration.
