The objective of the present work is to present a Decision Support System (DSS) aimed at suggesting to a Critical Infrastructure (CI) operator the optimal configuration in terms of deployed security functionalities. For achieving this result, two specific problems have been addressed: the security evaluation problem and the security configuration computation problem. Concerning the first problem, by retaining the framework provided by the Open Source Security Testing Methodology Manual (OSSTMM), security has been characterized in terms of the Operational Security describing the lack of separation between assets and threats which is needed for operational reasons; in this respect, the description capabilities of such methodology have been extended in order to capture relevant security features (such as the components' lifecycle) and exploit the knowledge stored in vulnerability databases such as the Common Vulnerability Exposure (CVE). The inclusion of an extended version of the OSSTMM in the DSS allows to provide CI operators with a holistic insight on the system security level. Concerning the second problem, the DSS has been provided with an optimization framework based on a Genetic Algorithm (GA) for exploring the solution space; in this respect, three different implementations of the adopted GA have been developed and evaluated in realistic operational scenarios. Finally, the outputs of the DSS have been validated from a security point of view.