The article in the context of methodologies of systematic analysis of legal phenomena reveals the content of the principles of legal regulation of the institute of information security. It is noted that information security is defined as the impossibility of causing harm by means of a security object, due to information and information structure. Principles play an important role in the legal provision of information security. The basic principles of legal regulation of the information sphere are enshrined in the Laws "On Information", "On the Basic Principles of Cyber Security of Ukraine", most of which are key to the development of legal regulation of information security processes. In order to improve the information security system from various challenges and threats, it is proposed to enshrine in information legislation the principle of presumption of security of critical information infrastructure, which establishes that critical information infrastructure is considered protected as long as the organizational and legal security of these facilities requirements set forth in regulations in the field of information security. It is stated that a wide range of problems of information security of the individual, society and state, development of cybersecurity culture, ensuring privacy and protection of access rights, protection of information systems, resources and networks, expanding the use of information technology in public administration, other information problems security needs careful study. The principles of legal regulation in the field of information security are revealed through normative detail. It is emphasized that with the development of scientific and technological progress and the latest forms of processing and use of information, the principles of regulation in the field of information security need to be correlated at the level of regulatory support.