The article discusses issues related to the necessary stage components of designing business games for teaching students to build an integrated information security system at an enterprise: features of the analysis of the initial data of an economic entity, the need to conduct a risk assessment in the context of the dynamics of the external world, ensuring the variability of building a protection strategy, forming an objective assessment the effectiveness of the protection system built by the participants.