The article discusses the importance of protecting information within organizations through an Information Security Management System. This system aims to establish, implement, and maintain security measures to prevent unauthorized access to information. The researchers identify different types of risks to information systems and provide recommendations for maintaining information security. The key focus is on designing and implementing effective security measures to safeguard sensitive information within organizations.