A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems