With the increasing focus on security in information systems, it is becoming necessary to be able to describe and compare security attributes for different technologies. Existing are well-described and comprehensive, but expensive and resource demanding to apply. The Security Evaluation for Compliance (SEC) model offers a lightweight alternative for use by decision makers to get a quick overview of the security attributes of different technologies for easy comparison and requirement compliance evaluation. The scientific contribution is this new approach to security modelling as well as a comparison with existing methods.