The urgent need for the purposeful development of information security systems in the context of the intensive introduction of digital technologies in the economy and social sphere determines the relevance of improving the methodological apparatus for substantiating appropriate decisions in planning and managing this process. The purpose of this article is to develop a mathematical model and an algorithm for supporting decision-making in the formation of a program for the development of an organization's information security system. At the same time, a generalized structure of the model and an algorithm for solving the problem of forming the optimal version of the program are proposed. Minimization of financial costs is, used as an optimality criterion in the model. Uncertainty inherent in the development of information security systems is, taken into account by setting the intervals of possible costs during the implementation of projects included in the program. To solve the problem, an iterative algorithm is, proposed for the sequential formation of an appropriate version of the program