In theory and in practice, there is a problem of removing uncertainty in the implementation of technical measures due to the unclear right-hand regulation of classification of measures to ensure the security of data automatically processed in information systems. In the article, based on the application of set theory, it is proposed to remove this uncertainty by selecting groups of measures to ensure the security of information. Information protection in the Federal law "on information, information technologies and information protection" is the adoption of legal, organizational and technical measures. However, in practice, in the system of measures to ensure the information security of objects of protection, they are found not only in a "pure" form, but also in a close relationship, interaction with each other (organizational-legal, organizational-technical, technical-legal), and very often can not be implemented independently.