ISACA Makes Five Critical Cyber Security Recommendations for First 100 Days of Next US President

Collaboration, Organization and Training Must Top 45th US President’s Cyber Security Agenda

ROLLING MEADOWS, Ill.--()--While the US presidential campaign has occasionally focused on cyber security, the topic demands more urgent attention from the individual elected as the 45th President of the United States, according to leading cyber security and business technology association ISACA.

In an opinion column published in The Hill, ISACA recommends that cyber security be a significant component of the next president’s 100-day agenda, especially given its overlap with geopolitical and economic issues. Bolstering the US cyber approaches and responses is essential for critical infrastructure, national defense operations, and ultimately the US and global economies.

In the article, Theresa M. Grafenstine, CPA, CISA, CGEIT, CRISC, CIA, CGAP, CGMA, ISACA Vice Chair of the Board and Inspector General, US House of Representatives, outlines five top critical cyber security priorities that need to receive ample attention in the first 100 days of the 45th President’s new administration:

  • Bringing Order to Cyber Security Across All Levels of American Government. An essential priority in the first 100 days must be for the new president to work with Congress to take a more holistic approach to address the ever-shifting threats present in the country’s cyber security landscape.
    • Until now, regulatory and enforcement agencies at the local, state and federal levels have been addressing cyber security issues with limited coordination and in piecemeal fashion, creating challenges for executing defense and response measures.
  • Dealing with Nation-State Attacks. The incoming president must address the growing nation-state cyberattacks head on.
    • Cyber is quickly becoming the new theater of war. Unlike traditional war, where rules and societal expectations, such as the Geneva Convention, have been in place for decades, cyber security lacks defined international norms. The new president will have the dual burden of dealing with nation-state attacks, as well as distinguishing between ‘cyberterrorist’ and ‘cyber freedom fighter.’ When it comes to international cyber security, adherence to an outmoded dogma of ‘an eye for an eye’ escalates to blindness in days, not months or years.
  • Skilling Cyber Security Professionals. More work must be done to support the long-term construction of a robust educational pipeline for skilling, reskilling and upskilling cyber security professionals.
    • Legislative and other initiatives, such as tuition reimbursement and similar support for those obtaining cyber security degrees, are a good start. Further steps must focus on the profession in its entirety, with additional incentives for those who choose careers in the public sector, or protecting critical infrastructure.
  • Global Cyber Security Collaboration. The work on international norms for cyber security must become an ingrained part of all meetings of global leadership groups such as the G-7, G-20, ASEAN, APEC, and in any technology-focused EU-US interactions.
    • While there has been increased dialogue and work between nations, much more remains to be done. Likewise, as the new president interacts with world leaders one-on-one, cyber security needs to be a portion of those discussions.
  • Modernizing IT in Government. There must be a comprehensive and sustained commitment to evolving government at the pace of innovation.
    • The scorecard for US government IT is not pretty. Reviews have moved the government into the ‘mediocre’ category, at best. This must change, and quickly. Measures like H.R. 6004, the Modernizing Government Technology Act, are a good step in the right direction. More is needed.

With the nearly daily drumbeat of news about cyberattacks in the United States and around the world, ISACA urges the next US president to make these recommendations a top priority – both in the first 100 days of the new administration and throughout the next four years.

ISACA is a champion of Cyber Security Awareness Month as an organization dedicated to promoting a safer, more secure and more trusted Internet. Additional cyber security guidance and resources can be found at


ISACA® ( helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) credentials.


LinkedIn: ISACA (Official),



Sara Bosco, +1-347-276-3097
Kristen Kessinger, +1-847-660-5512

Release Summary

Global IT and cybersecurity association ISACA outlines 5 critical cyber security priorities that need to receive ample attention in the first 100 days of the 45th President’s new administration.


Sara Bosco, +1-347-276-3097
Kristen Kessinger, +1-847-660-5512