As part of the professional retraining program "Information Security Management in a Body (Organization)", we interviewed 50 top experts in information security and IT and asked each of them 10 questions about information security. The full cycle of interviews and videos "10 questions about information security" is available to students on the training course https://ib.bmstu.ru/courses/upravleni...

The course also includes:
• 200+ lectures from 100 experts and managers in information security and 50 leading organizations in the field of information security and IT
• 60+ webinars
• practical assignments
• business intensives
• 50 interviews with TOPs in information security
• 50 videos "10 questions about information security"

The training program was implemented at the Center for Continuing Education "INFOBEZ" of Bauman Moscow State Technical University: https://ib.bmstu.ru/

General partner of the training program: Security Vision https://www.securityvision.ru/

Interview recording: CISOCLUB https://cisoclub.ru

Contacts:
ib.bmstu.ru - https://ib.bmstu.ru/
[email protected]
+7(495)120-29-20

00:00 - Intro
00:19 - What risks and threats that have emerged in recent years were the least predictable?
01:28 - Why did no one take potential information security risks seriously?
02:06 - What is the current level of legislation in the field of critical information infrastructure and import substitution solutions?
04:32 - Given recent events, it is difficult to talk about export orientation
06:05 - Are there unique threats and risks characteristic only of the Russian market?
07:20 - Can SMEs connect to GosSOPKA?
07:35 - Who could implement GosSOPKA for SMEs?
08:13 - Which of the non-priority areas need to be brought forward?
15:39 - What place does OSINT occupy in modern information security systems?
20:13 - To what extent do organizations pay attention to the effectiveness of OSINT methods?
23:27 - A professional dossier is compiled on every person in the company
25:45 - Are OSINT and cyber intelligence systematized, formalized, and open?
28:42 - To what extent do OSINT methods combine with social engineering methods?
29:48 - Have you had personal experience of encountering attacks based on social engineering?
31:02 - What information security features would you note in Internet projects?
33:34 - What unexpected information security lessons have you learned during your career?
36:57 - What information security trends do you see in the next 5-10 years?
38:53 - What would you do if you saw a password on a sticky note on a colleague's screen?
39:56 - What song would you choose as a background song for the information security department?
40:25 - Imagine that authorization is done by dancing. What would your password be?
40:40 - What culinary dish symbolizes your work in the field of information security?
41:09 - Which blogger would you agree to come to for a roast?