(1) Whether his department has identified measures to deal with cyber security concerns; if not, why not; if so; (2) whether his department has developed a policy framework in this regard; if not, why not; if so, what are the relevant details; (c) whether the department has begun implementation of the policy framework; if not, why not; if so, what are the relevant details?