Discrezionalità (Italian for "discretion") is the degree of choice an operator has when deciding how to act. In cyber security, it describes how much room a person has to interpret a rule, choose a response, or adapt a process to the situation. Low discretion means a step should be followed exactly; high discretion means judgment is expected.
This matters because security depends on knowing which actions are fixed and which are flexible. Too much discretion can lead to inconsistent approvals, uneven incident handling, or policy exceptions that weaken control. Attackers may exploit that ambiguity through social engineering, trying to push staff into making unverified exceptions or bypassing normal checks. In defense, carefully limited discretion is useful when analysts need to escalate, isolate a host, or adjust a response based on live evidence. The goal is not to eliminate judgment, but to define where judgment is allowed and where procedure must stay rigid.



