The book is the first complete Russian-language practical guide to the development of information security policies in domestic companies and organizations and differs from other sources, mainly published abroad, in that it consistently sets out all the main ideas, methods and methods for practical solutions to development issues , implementation and support of security policies in various Russian government and commercial structures. The book may be useful to heads of automation services (CIO) and information security services (CISO), responsible for approving security policies and organizing the information security regime; internal and external auditors (CISA); managers of the highest echelon of company management (TOP managers), who have to develop and implement security policies in the company; security administrators, system and network administrators, database administrators who are responsible for compliance with security rules in domestic corporate information systems. The book can also be used as a teaching aid for students and graduate students of relevant technical specialties.