In this article, we complement our method of developing information security system for protection of organization's sensitive information. The method is based on analysis of the domain of problem area “Information Security”. We are taking into account the viewpoints of the different actors in the development process. unifying their requirements and contributions to the system development. Basic concepts, which are foundation of the field of information security are considered - Vulnerabilities, Threats, Sources, Threat Agents, Motivation, Vectors, Targets. Their relations describe the nature of the threats (internal and external), nature of attacks and the counteractions against them. The approaches to information security and the types of communications in the modern organization are presented as well. A brief analysis of the “Information Processing” viewpoint is also made. As a result of the analysis, we determine the main concepts, as well as the relationships between them, describing vulnerabilities, threats, attacks and countermeasures and gaining deeper knowledge about their nature.