Cyber-physical systems (CPS) are a various collection of ICT and embedded microprocessors which are communicated to the physical world via sensors and actuators. CPS systems utilized in many of the critical infrastructures including the smart grid. The remote activities of the smart grid's CPSs are monitored and controlled by specialized computing system called Industrial Control Systems (ICS) or Supervisory Control And Data Acquisition (SCADA) systems (ICS/SCADA). Hence, it's crucial to keep ICS/SCADA system safe and secure to prevent any cyber-attack causing a physical hazard to the smart grid which might affect the human life, national safety or economy. The ICS/SCADA system should be designed and implemented following the most practical security practices as defined by well-known standards, guidelines, best practices, and policies. In addition, there are a numerous number of security knowledge's resources suggesting various methods protect ICS/SCADA systems. However, these overloaded and scattered information will create difficulties for the organization to grasp the full picture of the ICS/SCADA's security issues and the protection requirements which might lead to wrong, incomplete, or weak decisions. The main objective of this research is to develop a conceptual security framework to protect the ICS/SCADA systems in a smart grid environment. The proposed framework aims to help security professionals to add, reshape or build new security program for whole ICS/SCADA infrastructure, The proposed framework was developed by reviewing related studies, standards and utilizing our IT security working experience. Also, we used qualitative approach and Design Science Research Paradigm (DSRP) methodology to build the proposed framework. The framework has the limitation of not able to be tested, validated and evaluated due to several reasons such as; scope of this research, resource limitation and access restrictions to the controlled ICS/SCADA infrastructure.