Assessing the Risk of an Information Infrastructure through Security Dependencie