Firewall Wizards mailing list archives
N/ICSA Name Game (long)
From: David Kennedy CISSP <dmkennedy () compuserve com>
Date: Tue, 19 Jan 1999 23:39:57 -0500
-----BEGIN PGP SIGNED MESSAGE----- <sigh> The purpose of this post is to provide some factual information regarding ICSA Inc, formerly known as the National Computer Security Association, Inc. I do not intend to create or extend any discussion threads. I do not intend to respond to follow-ups. Take it or leave it; my attempt is to be as objective as possible. I am part of ICSA's technical staff, my only involvement with our marketing department is offering advice, which is often ignored. Thus I'm not going to discuss the goodness or badness of anything the company does. Neither will I discuss the goodness or badness of for-profit versus not-for-profit status. If the readers expect a discussion of the pros and cons of ICSA's certification testing versus either Underwriter Laboratories or Consumer Reports, they will be disappointed. I discuss what is, not what isn't. Summary: ICSA Inc is a business. Our name used to be the National Computer Security Association, Inc. We have always been a for-profit company. We are, and always have been, a membership organization. At one time we were an active sponsor of several conferences annually, but we now co-sponsor only a handful. We have formed consortia of information security product vendors and we do certification testing of their products; it's an important part of our business. We have never been a government agency nor have we ever been associated with the University of Illinois, Champagne-Urbana. We publish a mass-market magazine that previously was a members-only newsletter. The ICSA home page is http://www.icsa.net one click from that is the "About ICSA" page: http://www.icsa.net/about_icsa/ The National Computer Security Association (NCSA) was incorporated in 1989 by David Stang. It has always been a for-profit company. The early history of the organization was chiefly focused on the anti-virus vendor sector of the computer security industry. For business reasons, Mr. Stang sold the company to its present owners in 1991. Dr. Peter Tippett, formerly of Certus Anti-virus (which was bought out by Central Point which in turn was bought out by Symantec) became NCSA's President in 1995. During the early '90's the primary focus of the company shifted from anti-virus vendors to a membership organization. The company sponsored several computer security related conferences annually. The company established several discussion areas on CompuServe for the computing public and for NCSA members. One of the common themes from our members was, "which is the best anti-virus to use?" Substitute other computer security products for "anti-virus" in the previous sentence as we received a wide variety of these questions. A business decision was made to begin computer security product testing. This began by forming a consortium of anti-virus vendors, establishing baseline criteria for the performance of their products and testing their products versus these criteria. We incrementally change the criteria to deal with current conditions and with the intent to improve the overall quality of the tested products. The company charges vendors to participate in these consortia and charges them to test their products. The costs vary by product and by consortium. This remains an important part of our business. Current product certification information can be found at: http://www.icsa.net/services/product_cert/ On Jan 1, 98 the National Computer Security Association Inc. formally changed it's name to ICSA Inc. NCSA had members from countries other than the US almost from its inception. NCSA had its first international office in Montreal in 1991. Recently, we've added offices in Tokyo and Amsterdam. The name change simply reflects the international nature of the organization and our clientele. The company suffered from considerable name confusion as NCSA. We were confused with several US government entities including the National Security Agency, the National Computer Security Center and the National Institute of Standards and Technology. We were confused with the National Center for Supercomputer Applications at the University of Illinois Champagne-Urbana. At one time, the top five search expressions on the search engine on the old www.ncsa.com web site included both "Apache" and "mosaic." However "NCSA" was the company's registered trademark since 1989. Since the name-change, I think we have relinquished that trademark. We are not the International Chinese Statistical Association (icsa.org) nor the International Customer Service Association (icsa.com). We have a legal doing business as (DBA) as the International Computer Security Association. Anyone can become a dues-paying member of the International Computer Security Association. See: http://www.icsa.net/membership/ While membership is no longer our central focus, it is still an important part of who we are and what we do. We co-sponsor conferences with the Gartner Group, but they are no longer our central focus. We still do product testing. Our central focus is a product we call TruSecure, for more information on it see: http://www.icsa.net/services/trusecure/ The "NCSA News" was a members-only publication and the official publication of NCSA. It came out "about" quarterly and included articles from NCSA staff and other members. A business decision was made in late 1997 to expand the "NCSA News" into "Information Security" monthly magazine. The first issue was in Dec 97. "Information Security" is the official publication of ICSA. The offices of the magazine are in Norwood, MA, not co-located with any of the other ICSA offices. No officer in ICSA exercises editorial control over the magazine. The editorial board for the magazine is listed in each issue. Flipping through two recent issues, there is a single one-page advertisement in each issue for TruSecure. Other than that one ad, the masthead is the only other mention of ICSA. What little contact I've had with the magazine's staff leads me to believe they have a journalist's ethic of unbiased reporting and they have no desire to be ICSA cheerleaders. ICSA, as a for-profit company, makes its decisions as a business would. There is no prima facie incompatibility between being an association and being for-profit. The American Banking Association, among others, is for profit. There are several for-profit associations in the real estate business. It's not obvious, from a few minutes browsing, what the for profit statuses of the American Bar Association or the American Medical Association are. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.0.2 iQCVAwUBNqVcLPGfiIQsciJtAQFGQgP9E8+pQ/8759oJW7ukJdzg5a8TD3zMCBqK gXuary3s6rP+3aqw1hJivIOj94SAGbBwDRotU/sz6aDCl5ZCvHcIEis+vhN06KAh VwZocj8Wj8JsCB/oHo78zYamq/9srCb/i4YHLX8oWRK+J95uHHW8RPRzhajgzpbz jiYMJ2v920Y= =RFIk -----END PGP SIGNATURE----- Regards, Dave Kennedy CISSP http://www.icsa.com Protect what you connect. Look both ways before crossing the Net.
Current thread:
- N/ICSA Name Game (long) David Kennedy CISSP (Jan 20)