Such a shared framework would need to address and situate risk analysis and risk management concerning the vulnerability of information and related services, the alignment of laws and regulations associated with computer/telecommunications abuse and misuse, administrative infrastructures including security policies, and how these may be effectively implemented by various industries/disciplines, and social and privacy concerns (e.g. the application of identification, authentication, non-repudiation and possibly authorization schemes in a democratic environment).
Znotraj tega okvira bi se morala obravnavati in preučiti analiza in obvladovanje tveganja v zvezi z ogroženostjo informacijskih in sorodnih storitev, uskladitvijo zakonov in drugih predpisov o zlorabi in napačni uporabi informatike in telekomunikacij, upravnimi infrastrukturami, skupaj z varnostnimi politikami in načinom njihovega uspešnega uvajanja v razne industrije in discipline ter v zvezi z družbenim življenjem in varstvom informacijske zasebnosti (na primer uporaba sistemov za ugotavljanje identičnosti, avtentifikacijo, nezatajljivost in morebitno dovoljenje v demokratičnem okolju).