This study proposes a stochastic Petri net model for evaluating the security and resilience of cyber-physical systems (CPSs) in the face of malicious attacks. The basic idea behind the proposed model is to evaluate the security of control loops equipped with intrusion detection systems (IDSs) faced with security attacks. The quantitative analysis is performed in terms of system-focused quantitative security measures, such as mean time-to-failure and availability. By using this model, one can investigate the effects of some attacks and defensive parameters, including the detection interval, the time to physical disruption, and the false-positive probability of IDSs. This evaluation results can help to improve the security countermeasures of CPSs.