This article is devoted to the methodology of organizing the process of monitoring of distributed information systems. The article considers the general concept of building the process of information security monitoring. Special attention is paid to such disadvantages of distributed systems as problems of system administration, problems of limited scalability of distributed systems and problems of software portability. It was concluded that at present there is no unified approach to eliminate these disadvantages when building a monitoring process. The model of decentralized distributed system for which the methodology of monitoring process organization is developed is given. Three approaches to the organization of monitoring process of distributed information systems are described, namely the organization of monitoring of network activity of information system, the organization of monitoring of host activity of information system and mixed approach. The mixed approach based on monitoring of network and host activity is used in the methodology. The process of prioritization of sources of information security events is considered, which includes the assessment of IS risks, identification of actual IS threats and identification of critical assets of the organization. As a result, a methodology for organizing the process of monitoring distributed information systems is proposed, which consists of four stages: risk calculation, identification of actual threats, prioritization of information security event sources and connection of selected sources to the information security event monitoring system.