This paper proposes a conceptual model to support decision makers during security analysis of Internet of Things (IoT) systems. The world is entering an era of ubiquitous computing with IoT being the main driver. Taking into account the scale of IoT, the number of security issues that are arising are unprecedented. Both academia and industry require methodologies that will enable reasoning about security in IoT system in a concise and holistic manner. The proposed conceptual model addresses a number of challenges in modeling IoT to support security analysis. The model is based on an architecture-oriented approach that incorporates sociotechnical concepts into the security analysis of an IoT system. To demonstrate the usage of the proposed conceptual model, we perform a security analysis on a small scale smart home example.