The paper describes “a model-based approach to the risk assessment of a critical infrastructure, where the model is focused on a hypergraph that describes the security dependency among components”. The case of information and communication infrastructure has been considered. However, as the authors claim, the proposed approach has general characteristics. It has been proposed for the adoption “a hierarchical approach where each component may be decomposed into a number of simpler components. This is modeled by replacing a node of the hypergraph by a further hypergraph.” Authors have “introduced alternative conditions that define when the results of the assessment before the decomposition can be preserved and integrated with those of analysis focused on the newly introduced hypergraph and on the dependencies it describes”.