Introduction: Any computer without special protection exchanging data with other computers, especially when using the Internet, is bound to be infected with malware and, as a result, its performance will be reduced or impossible and/or taken under control.

Objectives: The purpose of this article is to define information security is to protect data information and sup-porting infrastructure from accidental or intentional interference which can cause the loss of information or its unauthorized modification and in case of force majeure - to minimize the damage caused by such actions.

Methods: General scientific methods were used in the course of the study, including the structural-logical method, analysis and synthesis.

Results: Noted the need for regular independent information security audit in the institution to assess the real state of cybersecurity in the institution, the ability to withstand constantly changing and adapting the external and internal threats to information security, as well as for timely recommendations for bringing and improving the protection of systems in line with certain requirements.

Conclusions: Thus, it is worth noting this article reveals the main stages of the methodology in the institution on the information security effectiveness, and some of the indicators, offered coefficients require additional study and research, which is a promising direction to further research.