The paper analyzes the trends in threats to the functioning of information and telecommunication systems and methodological issues of evaluating the effectiveness of the information security system for protected objects. Based on the results of the analysis, a methodology for assessing the state of the effectiveness of information security systems has been proposed. It is shown that the development of assessment methodologies should be carried out on the basis of statistical and system analysis using expert methods, taking into account the fact that the assessment of the effectiveness of information security systems and its components is assessed with a large number of uncertainties and differences. The approach of assessing the state of the effectiveness of information security systems for an object of protection based on the risk management of business processes has been analyzed. It is substantiated that, depending on the goals and objectives of the assessment, it is possible to change both the main factors and the second level assessment factors and calculate them based on expert assessments of third level factors that affect the level of information security.