Abstract Yu Xu 10311009 This thesis explores the business structure and dependencies within a bank using Business Impact Analysis (BIA) and Business Continuity Risk Analysis (BCRA). The aim is to investigate criticality and vulnerability to damage of its components. In the first stage we query the connections between processes of interest and buildings or applications where damages and attacks observed are stored in a business graph database. Subsequently, the structure can be transformed into a quantitative world where centralities are computed to show the properties of the network. Furthermore, we build a Bayesian network in the second stage, which involves probabilistic analysis of business continuity management (BCM). The risk probabilities are estimated and the dependencies of business components are represented by conditional probabilities. In addition, to answer the probability questions given evidence, i.e. value of certain components, Bayesian inference algorithms are proposed. In order to validate the accuracy of input parameters, we present a sensitivity analysis to examine their interactions. An application of the probabilistic model is the Value at Risk (VaR) that combines risk probability distributions and loss distributions to calculate the maximum loss for which the likelihood does not exceed a certain confidence level.