The authors recommend to quantify the security of a complex system by first quantifying the security of its components, and, in a second step, by calculating the overall security according to a given method. This paper summarizes the state of the art of security measures for components and presents a new method for combining these measures into the system’s security. The proposed method starts with an intuitive graphical representation of the system. This representation is converted into an algebraic expression using abstract AND, OR, and MEAN operators. Applying application-dependent semantics to these operators will allow for an evaluation of the model.