The ISA Mission is to integrate advanced technology with economics and public policy to create a sustainable system of cybersecurity. The ISA board does this by implementing its three major goals – thought leadership, policy advocacy and developing effective best practices. The source of ISA’s thought leadership and policy formation is its board of directors. Since its founding over 20 years ago the ISA board has argued that the traditional policy approach focused on technical regulation did not appreciate the true depth of the cybersecurity issue which is not just about technical vulnerabilities but also the economic drivers that sustain the attack community. Over time ISA has been successful in broadening the public policy debate to appreciate cyber as an enterprises wide risk management issue that needs to include technical enhancements but must also address broader problems such as workforce development, duplicative and wasteful regulation, systemic risk and making the economics of security critical infrastructure sustainable by integrating economic incentives into a more fulsome public private partnership.