Performing a thorough security risk assessment of an organisation has always been challenging, but with the increased reliance on outsourced and off-site third-party services, i.e., ``cloud services'', combined with internal (legacy) IT-infrastructure and -services, it has become a very difficult and time-consuming task. One of the traditional tools available to ease the burden of performing a security risk assessment and structure security analyses in general is attack trees, a tree-based formalism inspired by fault trees, a well-known formalism used in safety engineering. In this paper we study an extension of traditional attack trees, called attack-defense trees, in which not only the attacker's actions are modelled, but also the defens...