![](https://secondadvisories.com/wp-content/uploads/2023/01/2023.01.05-2013-11-06-05-27-58-IMG_1461-cropped-1024x576.jpg)
For certain job roles of cybersecurity practitioners, policy making is necessary as a foundation in running the business securely to a reasonably degree.
While doing so, we must fully understand the business objectives, operating environment and intended business outcomes taking text book knowledge as a reference rather than blindly applying. Where necessary, suitable qualifier or elaboration is required to enhance clarity.
Example is personal privacy. The data subject must be a living individual shall have differentiated the situation in real life. Without this, it is impossible and impractical to enforce by replacing all the tombstone around the globe.