In our complex world today almost all critical infrastructures are interdependent and thus vulnerable to many different external and internal risks. To protect them against the greatest risks, a well-functioning risk management process is required to develop appropriate safety and security strategies. There are many wellestablished risk analysis methods existing. They predominantly apply empirical models and statistical data to quantify the risks. Within the realms of natural or aleatory risks this approach is considered suitable and functional. However, it could be a fatal flaw to apply such conventional, history-orientated models in order to assess risks that arise from intelligent adversaries such as terrorists, criminals or competitors. Approaches of classic risk analysis generally describe adversaries’ choices as random variables, thus excluding the adversaries’ behaviour and ability to adapt to security strategies. One possibility for considering human behaviour when analysing risks is the recourse to game theory. Game theory is the paradigmatic framework for strategic decision-making when two or more rational decision-makers (intelligent adversaries) are involved in cooperative or conflictive decision situations. ... mehrIn our study we propose an approach for combining a classic risk analysis method with a game-theoretic approach. Using a defenderoffender game as a basis, we simulate, exemplary for a terrorist attack against public transport, the behaviour and reactions (to applied security strategies of the defender) of a rational player acting as an adversary. Although risk analysis and game theory are very different methodologies, we show that linking them can significantly improve the quality of forecasts and risk assessments. If the behaviour and reactions of intelligent adversaries need to be considered, our approach contributes to enhance security through improving the allocation of scarce financial resources.