Towards the Integration of Cybersecurity Risk Assessment into Model-based Requirements Engineering
Industrial Innovation Paper
Engineering projects must take into account increasingly significant needs and constraints regarding expected behaviors, services, quality and security. These user requirements are mainly formulated as textual requirements, then analyzed and translated into system requirements by engineering teams. They are subsequently introduced into system and software engineering projects as functional and non-functional properties that the designed system must satisfy. Ensuring that these requirements are satisfied calls for rigorous processes that steer the project, from requirements identification and definition to system deployment and maintenance. Model-Based System Engineering (MBSE) formalizes the system development modeling process in terms of requirements, design, analysis, verification, and validation activities through the use of models. Moreover, MBSE is an effective approach to addressing security requirements and risk assessment at the requirements and modeling phases of the development life cycle. Assessing security risks in early system designs enables cost-efficient fixes, since a design flaw found in a model is far cheaper to correct than one found in a deployed system. In this article, we introduce the main concepts of risk assessment, and we investigate how these concepts could be integrated into a general-purpose architecture modeling language for system engineering applications. To achieve this objective, we propose a Model-Based approach for cybersecurity Risk Assessment (MBRASec) method that comprises: a semantic alignment between risk assessment concepts and system modeling concepts; and a modeling language extension to represent security concepts and metrics throughout the system modeling life cycle. We implemented MBRASec as an extension of an industrial modeling language and workbench. To illustrate our approach, validate its applicability and evaluate its expressiveness, we applied it to our industrial partner's example: an in-flight entertainment system.