Risk management is a crucial process for the development of secure systems. Valuable objects (assets) must be identified and protected. In order to prioritize the protection mechanisms, the values of assets need to be quantified. More valuable or exposed assets require more powerful protection. There are many risk assessment approaches that aim to provide a metric to generate this quantification for different domains. In software systems, these assets are reflected in resources (e.g., a file with important information) or functional software components (e.g., performing a bank transfer). To protect the assets from different threats like unauthorized access, other software components (e.g., an authenticator) are used. These components are essential for the asset's security properties and should therefore be considered for further investigation such as threat modeling. Evaluating assets only at system level may hide threats that originate from vulnerabilities in software components while doing an extensive threat analysis for all the system's components without prioritization is not feasible all the time. In this work, we propose a metric that quantifies software components by the assets they are able to access. Based on a component model of the software architecture, it is possible to identify trust domains and add filter components that split these domains. We show how the integration of the methodology into the development process of a distributed manufacturing system helped us to identify critical sections (i.e., components whose vulnerabilities may enable threats against important assets), to reduce attack surface, to find isolation domains and to implement security measures at the right places.