Through proposing the CISSA schema and constructing initial scenarios that are based from real-world case studies that range from network-travelling worms or large-scale hacktivism, CISSA could be assessed as to whether it could be useful for model-based security assessment research and innovations. Experiments and analysis are an initial attempt to gain evidence on the benefits of using CISSA. More effort and participation from the security assessment community will be required to fully demonstrate CISSA's advantages, identify potential pitfalls, and propose refinements.