In the domain of security risk assessment of critical infrastructures, a number of methodologies has been developed since the 9/11 terrorist attacks in the US. The majority of previous attempts have been devoted to assess the parameters of security risk particularly threat assessment and vulnerability assessment. Among the developed methodologies, the ones based upon Bayesian network, especially when coupled with utility theory and game theory, seem to outperform other techniques. This has been partly due to the capability of Bayesian network in combining objective and subjective information in modeling an uncertain system and partly owing to its ability in accounting for conditional dependencies among the components of the system. In the present chapter, we briefly discuss some previous work which has prominently contributed to the field, followed by some opportunities for further exploiting the features of Bayesian network in security risk assessment.