The information environment of modern society covers all spheres of human activity and includes an enormous amount of information. Information security issues are most often considered in the context of national security, but it should be taken into account that one of the most active consumers and producers of information is the education sector, where the intellectual and moral potential of future generations is formed. The effectiveness of the educational system depends to a large extent on the effectiveness of consumption and generation of information, which makes it possible to raise the issue of protecting trainees from information that could damage the trainee's personality and provoke destructive consequences. Risk factors and threats to educational institutions’ information security are analyzed in the article, the concept of personal information security is considered, the goals of information security system implementing in the educational organization are proposed, classification of threats to information security and corresponding levels of danger is given. The authors justify the necessity of embedding the information security system in the activities of educational institutions. As a socio-pedagogical decision to ensure information security of trainees, it is proposed to include the competence in the field of information security into the activities of pedagogical and managerial staff