utilizing network spanning tree configuration information to determine an action for mitigating diffusion of intrusive attacks between components associated with a network, wherein said spanning tree information includes an indication of a first internal diffusion risk and a second internal diffusion risk, wherein said first internal diffusion risk is a risk of a first attack diffusing from a first component associated with said network to a second component associated with said network and said second internal diffusion risk is a risk of a second attack diffusing from a third component associated with said network to said second component;

using said internal diffusion risks to determine that there is a higher risk of said first attack diffusing from said first component to said second component than said second attack diffusing from said third component to said second component; and

using said network spanning tree configuration information to perform said action for mitigating diffusion of intrusive attacks automatically at least in part by mitigating said first attack before mitigating said second attack, wherein said action for mitigating includes compensation for functional support of an application associated with said second component that has priority over another application.