The main problem: The risk of damage or loss of information in modern information systems requires effective measures to ensure information security, which is especially important for the Republic of Kazakhstan in the face of growing digital threats. Objective: To analyze the legal and organizational measures for information security in Kazakhstan, with a focus on the role of the Ministry of Digital Development in protecting critical information and personal data. Methods: A qualitative analysis of regulatory documents and practices in the field of information security was used, including measures for risk management and threat monitoring. Results and their significance: Key measures for ensuring information security were described, including the establishment of incident response centers and improvements to the legal framework in the field of information security, contributing to the protection of personal data and critical infrastructure in Kazakhstan.