Threat analysis and risk mitigation in the fast moving field of IT security is time consuming, complex and demands expert knowledge. High quality security concepts are crucial for every business nowadays, but small and medium enterprises often do not have the resources to develop and implement them appropriately. We present an approach that allows simulating threats to corporate assets, taking the entire infrastructure into account. Using this approach effective countermeasures and their costs can be calculated quickly without expert knowledge and a subsequent security decision will be based on objective criteria.
