Public services called "e-anything" (e-government, e-army, e-banking, e-commerce, e-logistic, etc.) meet many different barriers, which reduce their efficient applicability. One of them is requirement of assurance of the information security when it is transmitted, transformed, and stored in an electronic service. Creating proper information security systems is a complex process. Usually, it is ... [Show full abstract] preceded by risk analysis by means of which one can create system with a proper protection level. In a mentioned process, the important element is to calculate the probability of threat occurrence and then probability of incident occurrence as a combination of threats . In the paper we present the model by means of which we can calculate the probabilities of incidents occurrence. As an example of application of the general procedure, we present the analysis for the model of a cryptographic protocol realizing e-auction .