One of the most critical steps in the risk analysis is evaluate the probability and impact of defined scenarios that could impact negatively in organizational processes. In this regard, one of the main objectives of the paper is to try to achieve, by using information theory, a quantitative approach (this is, a unit measure well-defined) for performing evaluations that incorporates the inherent and residual risk into one probability (and in the final evaluation, as consequence), and the margin of error as result of a wrong evaluation at the moment of assigning probabilities and/or in case of an event not considered as (sufficiently) probable occurs.
If you want an interface for evaluating the framework, you can find it here
Any comments, suggestion or whatever hhaha, just contact me! (luis.alfie@gmail.com)