Quantitative Hazard Analysis of Information Systems Using Probabilistic Risk Analysis Method

Hazard analysis identifies probability to hazard occurrence and its potential impact on business processes operated in organizations. This paper illustrates a quantitative approach of hazard analysis of information systems by measuring the degree of hazard to information systems using probabilistic risk analysis and activity based costing technique. Specifically the research model projects probability of occurrence by PRA and economic loss by ABC under each identified hazard. To verify the model, each computerized subsystem which is called a business process and hazards occurred on information systems are gathered through one private organization. The loss impact of a hazard occurrence is produced by multiplying probability by the economic loss.