There are many ways cyber policies and infrastructure can be developed without predicative knowledge. I believe if predictive knowledge is going to be a major factor of cyber policies and infrastructure then the data must be one that is accurate to assist in predicting what variant of cyber crime is ahead that the cyber world needs to prepare for before it is unleashed. Cyber policies and infrastructure should be developed with the  the most high risk scenarios and costly risk in mind then after those have been taken care of the lower risk factors will be considered. With how complex cyber security and technology is, believe it is extremely difficult if not impossible to have a perfect approach to cyber security. As a result the most costly risks should be prioritized when it comes to the allocation of funds and human labor to ensure that those risk assessments are dealt with first. When developing cyber policy and infrastructure, the most talented and experienced professional should lead the way with suggestion and ideas in conjunction with the policies and infrastructures that have already been established. Ample time should be allocated to the to high level risk to ensure that all loopholes are closed and that the system leaves zero or close to zero opportunities for a bad actor to access the system and take advantage of this . Once allocation for major risk factors have been resolved the remaining resources can be allocated to mitigating and securing the lower level risk factors to help prevent attacks such as an escalation of privilege attack. Which takes advantage of lower level vulnerabilities but then can potentially gain access to high level vulnerabilities via the access gained on the lower level. Tools as well as well documented policies and trainings should be offered to employees of any organization as part of the structure of creating cyber security policies and infrastructure.