Usually, security analysis is mainly done at the implementation phase of system development. In this paper, we propose an universal approach of security analysis at the design phase based on traceability established among security threats, measures for threats and SysML diagrams.