Design and development of the organisation's internal security normative framework and developing a security policy.