Threats identification plays an important role in information system design. This paper proposes an approach to analyse causes of threats using extended Ishikawa’s diagram. Several classes of causes are identified, introduced and put in example; each class containing several sub-classes. This causes analysis is part of a global threat-based approach which consists of three steps: identification, analysis, and treatment. Causes classification is used at the analysis step.