International Association of Engineers
IT risk management currently plays more and more important role in almost all aspects of contemporary organizations' functionality. It requires reliable and cyclical realization of its key task which is risk analysis. Literature of subject presents problems of risk analysis in different way; the most often skipped or selectively treated the problem of quantitative methods application for the purpose of risk analysis. The paper presents the issue of one of the most significant stages of risk analysis which is IT risk assessment, especially focusing on chosen quantitative methods such as ALE (Annual Loss Expected) method, Courtney method, fisher's method, using survey research ISRAM model (Information Security Risk Analysis Method) and other derived ratios.