Testing relevance and validity of security assessment methods - A study of the methods for security requirements engineering and vulnerability analysis used by the Swedish Armed Forces
Publish date: 2009-01-08
Report number: FOI-R--2625--SE
Pages: 56
Written in: Swedish
Keywords:
- Security assessment
- authorization
- security accreditation
Abstract
Reaching and maintaining an adequate level of security in the information systems of the Swedish Armed Forces is crucial, so the associated authorization and accreditation processes must be both efficient and effective. Within these processes, several decisions are based on the anticipated effect on the security levels of the systems, and an adequate basis for such decisions requires the ability to assess the resulting security levels. Efficient and effective assessment of information security in turn requires methods that meet the needs of their users and, at the same time, reflect reality. The purpose of this report is to determine the relevance and validity of the methods for information security assessment used in the processes for compilation of data for authorization decision B2. The main contributions of this report are the following:
- An overview of the process for compilation of data for authorization decision B2.
- Descriptions of the sub-processes for security requirements engineering and vulnerability analysis.
- An analysis of the relevance and validity of the security assessment methods included in the sub-processes for security requirements engineering and vulnerability analysis.