This report presents a method for modelling a computer system from a security perspective. The questions that are going to be treated are:

• What defines a secure system and how does the company relate to these factors?

• What are the threats today based on hardware/software, human factors and company routines/policies?

• What measures should be taken for the organisation to reach a higher level of security for their systems?

• How do we develop a method for classification of security and what components should it contain?

• What changes are reasonable and necessary with the respect to the company’s resources?

The report has been done through interviews and analysis of existing systems on Fläkt Woods AB. From analysis of material, the aspects judged relevant to the subject and to the company’s needs, have been compiled to a document. It is a model for guidelines to work with security classification of IT-systems.

The combination of the method for information and the security classification has been clear through the work on the rapport. The method that has been developed for work with security classification of IT systems can therefore not be used as an isolated occurrence to reach the wanted results but should be integrated with the existing classification of information.

Our conclusions are reflected by the complexity of the project together with the fact that computer security is a topic that includes all parts in an IT- supported organisation. The analyses have given us a good picture of the threats to an organisation. It has clearly been shown, that much security related problems are based on direct organisational problems such as the lack of resources and requirements of system specific guidelines and policies.