This article presents a broader definition of security and examines the components of information assurance, as well as the main features of the information security policy, a set of requirements, and a system for information security. It reflects the authors' experience in development and implementation of information security systems in the Automated Information System of the Bulgarian armed forces, as well as their participation in the creation of the Strategy for Development of Information Society in Bulgaria. Some conclusions and recommendations from the 1999 U.S.-Bulgarian study of the C4 systems in the Bulgarian armed forces were also taken into account