We should approach our policies with an assumption that breaches are going to happen, we can’t plan for zero casualties that’s impossible. This means that our strategies must be developed well and used properly in their respective places. Also monitoring the system and keeping watch for any casualties or breaches into the system. Our priorities also need to be focused out on the most critical of infrastructures. Maybe we can’t protect everything at once but we surely can protect the most important assets. Doing exactly what a CISO should be doing, resource allocation. As we get further down the unending road of cybersecurity we must adapt our policies to new threats emerging from new technologies. Criminals are finding more and more ways to target those vulnerabilities