Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

N/ICSA Name Game (long)

From: David Kennedy CISSP <dmkennedy () compuserve com>
Date: Tue, 19 Jan 1999 23:39:57 -0500
-----BEGIN PGP SIGNED MESSAGE-----

<sigh>
        The purpose of this post is to provide some factual information
regarding ICSA Inc, formerly known as the National Computer Security
Association, Inc.  I do not intend to create or extend any discussion
threads.  I do not intend to respond to follow-ups.  Take it or leave
it; my attempt is to be as objective as possible.  
        I am part of ICSA's technical staff, my only involvement with our
marketing department is offering advice, which is often ignored.  Thus
I'm not going to discuss the goodness or badness of anything the
company does.  Neither will I discuss the goodness or badness of
for-profit versus not-for-profit status.  If the readers expect a
discussion of the pros and cons of ICSA's certification testing versus
either Underwriter Laboratories or Consumer Reports, they will be
disappointed.  I discuss what is, not what isn't.

Summary:  ICSA Inc is a business.  Our name used to be the National
Computer Security Association, Inc.  We have always been a for-profit
company.  We are, and always have been, a membership organization.  At
one time we were an active sponsor of several conferences annually,
but we now co-sponsor only a handful.  We have formed consortia of
information security product vendors and we do certification testing
of their products; it's an important part of our business.  We have
never been a government agency nor have we ever been associated with
the University of Illinois, Champagne-Urbana.  We publish a
mass-market magazine that previously was a members-only newsletter.  

        The ICSA home page is http://www.icsa.net  one click from that is the
"About ICSA" page:  http://www.icsa.net/about_icsa/  
        The National Computer Security Association (NCSA) was incorporated in
1989 by David Stang.  It has always been a for-profit company.  The
early history of the organization was chiefly focused on the
anti-virus vendor sector of the computer security industry.  For
business reasons, Mr. Stang sold the company to its present owners in
1991.  Dr. Peter Tippett, formerly of Certus Anti-virus (which was
bought out by Central Point which in turn was bought out by Symantec)
became NCSA's President in 1995.  
        During the early '90's the primary focus of the company shifted from
anti-virus vendors to a membership organization.  The company
sponsored several computer security related conferences annually.  The
company established several discussion areas on CompuServe for the
computing public and for NCSA members.  One of the common themes from
our members was, "which is the best anti-virus to use?"  Substitute
other computer security products for "anti-virus" in the previous
sentence as we received a wide variety of these questions.  
        A business decision was made to begin computer security product
testing.  This began by forming a consortium of anti-virus vendors,
establishing baseline criteria for the performance of their products
and testing their products versus these criteria.  We incrementally
change the criteria to deal with current conditions and with the
intent to improve the overall quality of the tested products.  The
company charges vendors to participate in these consortia and charges
them to test their products.  The costs vary by product and by
consortium.  This remains an important part of our business.
        Current product certification information can be found at:
http://www.icsa.net/services/product_cert/
        On Jan 1, 98 the National Computer Security Association Inc. formally
changed it's name to ICSA Inc.  NCSA had members from countries other
than the US almost from its inception.  NCSA had its first
international office in Montreal in 1991.  Recently, we've added
offices in Tokyo and Amsterdam.  The name change simply reflects the
international nature of the organization and our clientele.  
        The company suffered from considerable name confusion as NCSA.  We
were confused with several US government entities including the
National Security Agency, the National Computer Security Center and
the National Institute of Standards and Technology.  We were confused
with the National Center for Supercomputer Applications at the
University of Illinois Champagne-Urbana.  At one time, the top five
search expressions on the search engine on the old www.ncsa.com web
site included both "Apache" and "mosaic."  However "NCSA"  was the
company's registered trademark since 1989.  Since the name-change, I
think we have relinquished that trademark.  We are not the
International Chinese Statistical Association (icsa.org) nor the
International Customer Service Association (icsa.com).
        We have a legal doing business as (DBA) as the International Computer
Security Association.  Anyone can become a dues-paying member of the
International Computer Security Association.  See: 
http://www.icsa.net/membership/  While membership is no longer our
central focus, it is still an important part of who we are and what we
do.  We co-sponsor conferences with the Gartner Group, but they are no
longer our central focus.  We still do product testing.  Our central
focus is a product we call TruSecure, for more information on it see:
http://www.icsa.net/services/trusecure/  
        The "NCSA News" was a members-only publication and the official
publication of NCSA.  It came out "about" quarterly and included
articles from NCSA staff and other members.  A business decision was
made in late 1997 to expand the "NCSA News" into "Information
Security" monthly magazine.  The first issue was in Dec 97.  
        "Information Security" is the official publication of ICSA.  The
offices of the magazine are in Norwood, MA, not co-located with any of
the other ICSA offices.  No officer in ICSA exercises editorial
control over the magazine.  The editorial board for the magazine is
listed in each issue.  Flipping through two recent issues, there is a
single one-page advertisement in each issue for TruSecure.  Other than
that one ad, the masthead is the only other mention of ICSA.  What
little contact I've had with the magazine's staff leads me to believe
they have a journalist's ethic of unbiased reporting and they have no
desire to be ICSA cheerleaders.  
        ICSA, as a for-profit company, makes its decisions as a business
would.  There is no prima facie incompatibility between being an
association and being for-profit.  The American Banking Association,
among others, is for profit.  There are several for-profit
associations in the real estate business.  It's not obvious, from a
few minutes browsing, what the for profit statuses of the American Bar
Association or the American Medical Association are.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2

iQCVAwUBNqVcLPGfiIQsciJtAQFGQgP9E8+pQ/8759oJW7ukJdzg5a8TD3zMCBqK
gXuary3s6rP+3aqw1hJivIOj94SAGbBwDRotU/sz6aDCl5ZCvHcIEis+vhN06KAh
VwZocj8Wj8JsCB/oHo78zYamq/9srCb/i4YHLX8oWRK+J95uHHW8RPRzhajgzpbz
jiYMJ2v920Y=
=RFIk
-----END PGP SIGNATURE-----

Regards,

Dave Kennedy CISSP
http://www.icsa.com
Protect what you connect.
Look both ways before crossing the Net.
Previous By Date Next
Previous By Thread Next

Current thread: