There is no overarching careers and qualifications framework for information security, and the IT security best-practice scene is confusing to most corporate IT users.
Several high-powered groups are aiming to raise the level of professionalism in information security. These range from the supplier dominated Saint (Security Alliance for the Internet), to the Jericho corporate user group. Other groups include the Cabinet Office's Information Assurance initiative, the US-based (ISC)2, the auditor-based group Isaca and the British Computer Society.
There is also a plethora of qualifications, such as the certified IS security professional and certified IS auditor accreditation.
But all this activity takes place outside any structured framework, and so lacks the industry-wide recognition needed by IT security professionals.
Icaf, a spin-off from the Communications Management Association, aims to expand its role in a bid to become the hub for IT security professionalism in the UK and overseas.
Icaf was established two years ago to "promote best practice in the security of information, the resolution of IT-related disputes and the solution of IT-related crime". Its main focus is to provide an international framework within which professional qualifications are certificated, experience is recognised, and careers are structured and enhanced.
The organisation's board members include Royal Bank of Scotland, Apacs and the National Hi-Tech Crime Unit. It is sponsored by the DTI, and is registered with Companies House as a professional institute.