The utilities sector, considered a critical infrastructure for Society, increasingly depends on large-scale and distributed information infrastructures for its operations and services. This paper describes a methodology, together with a case study, for the analysis and mitigation of security risks of remote control applications that make use of the Internet as communications infrastructure. The methodology is derived from state-of-the-art risk management and security standards such as the Common Criteria and ISO/IEC 17799. It emphasizes the informational dependency aspect as the main driver for the risk analysis. In addition, the methodology proposes a systematic approach for classifying threats and attacks and for discriminating between these two concepts based on the difference between information assets and the infrastructure needed for communicating and processing those assets. The evaluation of their relevance vis-à-vis the technical architecture of the remote control system of the utility case study, allows for the identification of the security functions needed to assure business continuity. Keywords Security, risks, threat assessment, critical infrastructures, information assets