The article examines the approach to estimate the security level of critical documents stored in the informational system, based on data of intruder`s competence profile and profile of user`s vulnerability. A model of the process is considered, in which an malefactor tries to access such documents with the help of available methods of influencing users of information systems (social engineering attacking influences on users). An aggregated estimation of the likelihood of such access through socio-engineering attacking influences on various users of the information system is considered.