Policy development is a core competency required of Chief Information Security Officers. In order to develop policy, however, it is necessary that the CISO and other business leaders understand the underlying issues and, where technology is involved, they must also understand those issues as well.
Read this article: https://www.bigcommerce.com/blog/social-media-advertising/#the-6-best-social-networks-for-ecommerce-advertising