Considered is the issue of security for power facilities and assessment of their threats, vulnerabilities, and risks through digital indicators. An information security management system can be implemented either by itself or inside an integrated management system. Information security requirements include threat and vulnerability estimation and risk management requirements.