In this paper, we propose a new approach to manage the threats brought by an IoT infrastructure to a legacy information system (IS). We first give a state of art for information security properties in IoT and IS based on standards such as ISO 16982 and ISO 27005 and a previously published taxonomy. Then we detail an innovative method, based on the evaluation of threats brought by an IoT infrastructure onto an IS. It is represented as a qualitative matrix between IoT infrastructure threats and the Security properties of the IS. The method is then applied to the use case of connected light bulbs. Thanks to this approach, it is possible to logically organize threat management while integrating an IoT infrastructure into an IS.