When developing cyber-policy and infrastructure it is difficult to predict the direction that cyber technology will go. In this it is also difficult to predict the risks associated with that unknown. With these limitations in mind, the policies must be carefully put in place as to not become either unintentionally stifling or entirely obsolete. When developing infrastructure it is paramount to keep the systems impermanent. Future proof infrastructure in the world of cyber technology is generally not possible. To develop a good infrastructure, there must be a focus on the updatability of the systems. With a constantly changing environment, technology in most applications has a relatively short shelf life. Cyber infrastructure is something that must be maximized. There is a large investment into something that can be out of date in a matter of years. It is important for businesses to measure their ROI for cyber infrastructure investments. With cyber-policy, it is more difficult to predict the direction of the industry and therefore it is more difficult to define policies. The most important things to consider when developing cyber-policies are the impacts they will have on the industry. If a policy is too broad or constricting, it may stifle progression within the industry. Stifling progression within the tech industry could have massive impacts. On the other hand, if a policy is too specific or relaxed, it could become obsolete or ineffective to the point that the industry goes unregulated. This type of unregulated action is what we are currently seeing with big tech giants and user data. Cyber policies are important to regulate these types of environments. The things that need to be considered with cyber-policy are the impacts on the industry, the impacts on the user, and the longevity of the effectiveness. Cyber-policy must be educated and should address potential or current issues.