Despite a growing awareness of security issues in networked computing systems, most development processes used today still do not take security aspects into account. To address this problem, we designed a process for developing secure networked systems based on the extension of the Unified Modeling Language (UML) for secure systems development UMLsec and on the concept of model-based risk assessment (MBRA). Enterprise information such as security policies, business goals, policies and processes are supported through activities in the model-based integrated development process. These are then refined to security requirements at a more technical level, which can be expressed using UMLsec, and which can be analysed mechanically using the tool-support for UMLsec.