This volume contains the post-proceedings of the Second International Workshop on Critical Information Infrastructure Security (CRITIS 2007), that was held during October 3–5, 2007 in Benalmadena-Costa (Malaga), Spain, and was hosted by the University of Malaga, Computer Science Department. In response to the 2007 call for papers, 75 papers were submitted. Each paper was reviewed by three members of the Program Committee, on the basis of significance, novelty, technical quality and critical infrastructures relevance of the work reported therein. At the end of the reviewing process, only 29 papers were selected for pres- tation. Revisions were not checked and the authors bear full responsibility for the content of their papers. CRITIS 2007 was very fortunate to have four exceptional invited speakers: Adrian Gheorghe (Old Dominion University, USA), Paulo Veríssimo (Universidade de L- boa, Portugal), Donald Dudenhoeffer (Idaho National Labs, USA), and Jacques Bus (European Commission, INFSO Unit "Security"). The four provided a high added value to the quality of the conference with very significant talks on different and int- esting aspects of Critical Information Infrastructures. In 2007, CRITIS demonstrated its outstanding quality in this research area by - cluding ITCIP, which definitively reinforced the workshop. Additionally, the solid involvement of the IEEE community on CIP was a key factor for the success of the event. Moreover, CRITIS received sponsorship from Telecom Italia, JRC of the European Commission, IRRIIS, IFIP, and IABG, to whom we are greatly indebted.