The close connection between safety and security has led to growing interest in a combined handling of these two areas of research. This paper presents a roadmap for realizing such a combined handling. The conditions enabling a combined safety and security analysis are identified and used as the starting point of the elaboration. Utilizing these properties, a theoretical framework unifying key aspects of both safety and security is developed, following a model-based approach that uses the DEVS (Discrete Event System Specification) paradigm. A draft of a generalized notion of risk extends the framework. The validity and utility of the considerations are shown by discussing power grids as a use case in the context of this framework. Opportunities for further research indicate options for continuing the roadmap.