This article introduces an extended misuse case (EMC) model for privacy and security risks analysis and formally validates the model by means of colored petri nets (CPNs). The EMC model extends the use and misuse cases (UMCs) model with security and privacy requirements. The proposed EMC model and the CPNs instantiation deal with some of the shortcomings of the traditional UMCs which include lack of quality goals and formal validation techniques. The CPNs instantiation enables automatic detection of possible violation of privacy and security goals and can be extended to communicate risk to both technical and non-technical stakeholders. The CPNs and EMC models are illustrated with privacy and security risks contributing factors for identity management systems (IDMSs).