The article is devoted to solving the problem of fulfilling the requirements, the order of which affects the final provision of information security. A review of Russian and foreign works on methods for optimizing the choice of requirements applicable to the subject area is made. In this case, efficiency is understood as a combination of the following indicators: potency — the effect of meeting the requirements, operativeness — the speed of implementation, and rresource thriftiness — the financial costs of their implementation. In the interests of this, an information model is proposed that reflects the relationship between the following information security objects: requirement, violation, threat, damage, fine and protective measure. It also takes into account their impact on efficiency indicators. The model is presented in graphical and analytical form. According to it, the security administrator must solve the optimization problem of increasing the efficiency of meeting requirements. An author›s method for ranking requirements is proposed, based on a combination of classical methods and taking into account the specifics of protecting high-priority objects. The method consists of the following 5 consecutive steps: taking into account time constraints, ranking by threat level, Pareto ranking, Saaty ranking, and taking into account cost constraints. The description of the method in the form of pseudocode is given. A hypothetical experiment on the application of the proposed method to a set of information security requirements is presented. The shortcomings of the study and the results obtained, as well as ways to eliminate them, are revealed.