When a security incident is reported, identifying the point-of-breach is critical to figure out what an attacker might do next. Besides, the information related to the resources and levels of privilege acquired as a result of the breach, is essential to re-create the process. Such information is also crucial to planning a defense in real-Time. To this end, we need to determine the following parameters associated with the system under attack, viz., a breach probability determined from the success of past cyber-Attacks, the attack matrix which is dependent on the system design that decides the types of attacks and the associated modalities that the system may be susceptible to under standard conditions, and the access matrix which is determined by the access privileges that get granted when an attack succeeds. In this paper, we introduce the breach-point detection problem and present a model based on Bayes' conditional probability to identify the point-of-breach on a system impacted by a cyber-Attack. We evaluate the probability associated with likely points-of-breach in the rest of the system based on the knowledge of its design and estimate the posterior probabilities associated with the points so identified based on the system parameters outlined earlier. We also determine the most probable point-of-breach and its posterior probability using our model. We demonstrate the use of our model by way of a numerical example. Finally, we illustrate the generalization of this approach to an arbitrary system and outline a method to compute its system parameters, viz., the breach probability, the attack matrix and the access matrix. © 2015 IEEE.