A security framework assists in the design and implementation of a security infrastructure by providing guidance on information security governance and defining roles for organizations and personnel. It establishes best practices for the design and oversight of security controls to protect an organization's data, systems and networks. A framework outlines policies and procedures for security management, risk assessment, access controls, training, and incident response.