This report is concerned with the study of different activities related to the analysis of IT-systems in critical infrastructure from a security perspective. These kind of activities are relevant in the preventive security work. Relevant activities are for instance termed risk analysis, security analysis and vulnerability analysis. A set of methods are considered and assessed in relation to their importance to Swedish national IT security work within the Swedish critical infrastructure.