This material highlights the approach to analyzing the security of critical documents in the company's information system in multi-step social engineering attacks. The problem could be solved using the models of the complex "critical documents - information system - users - attacker". Approaches to the calculation of the probability of compromising of critical documents of the information system are described. Algorithms for calculating these probabilities are proposed by analyzing the social graph of the company's employees.