Scientific abstract

Yu Xu
This thesis explores the business structure and dependencies within a bank using Business Impact
Analysis (BIA) and Business Continuity Risk Analysis (BCRA). The aim is to investigate
criticality and vulnerability to damage of its components. In the first stage we query the
connections between processes of interest and buildings or applications where damages and
attacks observed are stored in a business graph database. Subsequently, the structure can be
transformed into a quantitative world where centralities are computed to show the properties of the
network. Furthermore, we build a Bayesian network in the second stage, which involves
probabilistic analysis of business continuity management (BCM). The risk probabilities are
estimated and the dependencies of business components are represented by conditional
probabilities. In addition, to answer the probability questions given evidence, i.e. value of certain
components, Bayesian inference algorithms are proposed. In order to validate the accuracy of
input parameters, we present a sensitivity analysis to examine their interactions. An application of
the probabilistic model is the Value at Risk (VaR) that combines risk probability distributions and
loss distributions to calculate the maximum loss for which the likelihood does not exceed a certain
confidence level.