At CERT, Robert Ellison and Carol Woody are working on a system framework method that I think the security industry should note - the Survivalbe Analysis Framework. I think it is interesting as it falls in line with some research I have been doing on distributed attacks to web systems. In SAF, Ellison and Woody are interested in looking beyond the security of a single-system which may have implemented security for a specific threat - but when reviewed as a part of a bigger system may be vulnerable. 

 Take a look at the framework and let me know what you think.