Modern society is becoming increasingly dependent on IT services. Functioning IT services now underpin aspects of all human endeavors, from work to leisure, from private to public sector, and from Andorra to Zanzibar. When these services stop functioning, whether by non-malicious mistakes or by malicious attacks, consequences are immediately felt and effects ripple through interconnected IT service orchestrations, integrated supply chains, and interdependent businesses processes across the globe. In this sense, IT services are becoming a critical infrastructure, much like roads, electricity, tap water, and financial services. As a result, there is much research dedicated to preventing IT outages and ensuring business continuity. Whereas in the early years of computing hardware outages were the main culprit behind downtime, since the 1980s, IT administration and software errors have become predominant causes of outages (Gray, 1990) along with human errors (Pertet and Narasimhan, 2005). With the advent of service oriented and cloud computing, much effort has gone into the investigation of how to optimize quality of service in these settings (Casalicchio et al., 2013), including how to learn from past incidents in order to offer better future services (Kieninger et al., 2013). From a traditional reliability engineering perspective, risk management of IT outages have been endowed with studies of statistical distributions of IT outages and the importance of knowing them (Franke et al., 2014; Snow and Weckman, 2007; Snow et al., 2010). To prevent or mitigate malicious attacks, research is constantly ongoing in areas like intrusion detection systems (Liao et al., 2013), threat detection (Virvilis and Gritzalis, 2013), and cyber security in industrial control systems (Knapp and Langill, 2014).