When presented with an attack graph, network administrator may raise question on how to harden the network. To defend his network, network administrator should be supplied with list of all attack paths that can compromise the network. With this list, he can decide which paths are worth paying attention to and defending against. In the event of limited resources, network administrator may only be interested in certain critical paths which cause worst network attack. Attack graph alone is not always helpful on its own and needs additional work for this purpose. In this paper we present the use of a Fuzzy Cognitive Map which is converted from attack graph with genetic algorithm to find attack scenarios causing worst impact on network security. The identified scenarios can then help network administrator to mitigate risks associated with the attack scenarios and improve his network security. Springer-Verlag Berlin Heidelberg 2012.