A method of forming an information security system for a distributed computer network of an informatization object is proposed. At the first stage of the methodology, it is proposed to use mathematical modeling. In particular, a mathematical model is presented based on the use of the apparatus of probability theory to calculate the vulnerability coefficient. This coefficient allows us to assess the level of information security of the network of the informatization object. Criteria for assessing the acceptable and critical level of risks for information security are also proposed. Further, at the second stage of the methodology for the formation of an information security system of a distributed computer network, methods of simulation modeling and virtualization of information security components of a distributed computer network are used. In the course of experimental research, a model of a secure distributed computing network was built. In the experimental model, network devices and information security components of a distributed computing network were emulated on virtual machines. The resources of the distributed computing network were reproduced using the Proxmox VE virtualization system. IPS Suricata was deployed on the hosts of a distributed computing network under PVE management. The Splunk system was used as a SIEM. It is shown that the proposed methodology for the formation of an information security system for a distributed computer network and the vulnerability coefficient model made it possible to obtain a quantitative assessment of the vulnerability levels of a distributed computer network of an informatization object.