The article considers the process of information security from the position of cost-benefit assessment that allows to understand economic aspects of feasibility study of measures in the field of business information protection. In the practice of Russian business, the issues of information security are focused on compliance with regulatory requirements of the legislation. This leads to the fact that business entities neglect the procedure of comprehensive assessment of measures effectiveness that should consider the costs and benefits of legal, organizational, and technical information protection implementation. At the same time, in order to meet the new conditions of technological development of society, it is necessary to revise the concept of information protection of business entities and to fix in the policy of information security of activities the approaches to risk assessment based on assets value. The study contains a description of the cost/ benefit approach to the constituent components of ensuring information security of business process. To understand the economic aspects of information security, the research focuses on business entities of the market type of economic activity (the enterprise makes profit in its activity). The composition of components of the ensuring information security process has been defined. On the example of risk management costs and benefits of information security have been considered in detail.