Drone expansion needs to be considered as a menace in cases of negligent, illicit, or non-cooperative use. In the case of airports, a complete protection against drone intrusion should rely on an intrusion management system, aiming at avoiding the closure of the airport. This system requires the setting of proper risk assessment methodologies for airport operations, to explicitly consider the features of drone intrusion, possibly from a quantitative point of view. This work proposes a methodological framework for the risk assessment of drone intrusions in airports, tailored on drone-intrusion features, airport features, and current operations, and considering both safety-related and security-related causes. The framework is based on the combination of model-based and data-driven approaches in order to: (i) estimate an airport vulnerability index, to measure the susceptibility of the airport to drone intrusions, based on reference datasets; (ii) specify a set of event trees to evaluate the risks of the different threat scenarios related to drone intrusions. The proposed methodological framework is applied to a concrete case study, related to Milan Malpensa airport. The achieved results show the effectiveness of the approach and elicit further requirements for counter-drone systems in airports based on the assessed risks.