A three-level system of the complex estimation of information security in social-economic systems, in which a description of a higher level parameters depends on the generalized and factorized variables of a lower level is proposed. In this system of estimates, the irrational thinking and unpredictability of the plan both of the malefactor and the security manager plays the most important part.