Icons, Inc. Firm Profile
A GartnerGroup analyst recently summed up the need for information security, especially on E-commerce systems, succinctly: "Security of an E-commerce system requires the same maintenance as running the system - it is never done, never closes and needs constant vigilance." There is an inherent assumption here that adequate analysis, planning, designing, testing, and deployment of security controls has taken place before a system goes in production. From our experience in the industry, this is not as often as one would like it to be. This "gap" is what the Icons team strives to address in each and every engagement. Information Security consulting services provided by Icons falls under three major categories:

1. E-commerce system security
2. Communications security
3. Messaging security

Under these broad categories the Icons team brings subject matter expertise in the following:

• Security Architecture Development
• Business Requirement Analysis
• Application Security Requirements Analysis
• Threat Assessment Studies
• Information Security Incident Response Planning
• Business Resumption Planning
• Business Impact Analysis

Icons, Inc. has provided assistance on e-commerce application and infrastructure security to the world's largest organizations since 1996. Icons offers information security management consulting services to the premier organizations in vertical markets such as insurance, financial services, banking, healthcare, package delivery, petroleum, and government.

Since its inception Icons has maintained an extremely high level of competency and strong relationships in the industry. E.g., Andrew Gray - Icons' Chief Technology Officer - lead a team that conducted a risk and cost-benefit analysis on the use of Public Key Infrastructures for the U.S. banking industry for presentation to Ira Magaziner (Senior Policy Advisor to President Clinton) and to the U.S. Comptroller of the Currency. This technology assessment was specifically conducted for "future" intra-bank transactions over the Internet.

Icons analysts have been trained and certified by almost all of independent entities offering security certifications. These analysts are Certified Information System Security Professionals (CISSP), Certified Information Systems Auditor (CISA) as well as Certified Business Continuity Planners (CBCP or formerly CDRP). Further, Icons team members have been trained and certified by National Security Agency (NSA) on the deployment of INFOSEC Assurance Methodology. The Icons team includes formally trained project managers with extensive practical experience and completion of the PMI (Project Management Institute) certification examination.