Security metrics and security assessment techniques for the computer networks on the base of the attack graphs.

The paper considers the last researches in the area of the security metrics. Classifica-tion of the known metrics is suggested. Multilevel approach to the security assessment is suggested. It is based on the attack graphs and service dependencies graphs. The approach allows evaluating different aspect of the system security considering its topology, operation mode, historical data about incidents and other information.