Assessing cyber risk using the CISIApro simulator