IT security is an issue of vital importance for all IT-based systems. As IT is penetrating the society, IT security becomes increasingly important. Unfortunately, IT security is intrinsically difficult to handle and motivate. Security assessment is a central ability in the striving for adequate levels of IT security in systems. In this report, an effort to enable system-wide IT security assessment is described. The presented results include: A study of current security evaluation methods. Terminology for the area of security assessment. A framework for system security assessment. A method for system security assessment. A framework for system component security assessment. A method for system component security assessment.