Stories by Puneet Kukreja

To Cloud or Not To Cloud

In today’s uncertain times, cost-savings are a primary focus for executives. Cloud services do seem to offer a silver bullet solution when it comes to infrastructure and ancillary IT services.

Puneet Kukreja | 14 Feb | Read more

5 principles of selling security initiatives to executives

In the world of data leaks and cybercrime, why is it that selling information security is considered a hard task? Is it because information security is pitched as a tool—buy software and it will fix everything—or is there a lack of understanding about what a healthy information security posture will achieve for an organisation.

Puneet Kukreja | 11 Jan | Read more

Security Operations the Final Frontier – Part III

Security Operations, as a capability, was discussed in the first article of this series: Security Operations the Final Frontier. This was a response to media coverage of a other operations in which information was compromised and data assets were stolen - Operation Shady RAT, Operation Aurora and Operation Night Dragon.

Puneet Kukreja | 20 Dec | Read more

Auditing Cloud Services

Business agility and the demand for quick turnaround to infrastructure and application requirements to service organisational growth have fuelled the rise of cloud services. For organisations that have had their IT system requirements held back by traditional sourcing and project based delivery of information technology, cloud seems to be the answer.

Puneet Kukreja | 25 Oct | Read more

Security Operations the Final Frontier – Part II

I have created my own interpretation of what a good pragmatic Security Operations Model (SOM) would look like. This has been adapted from a number of Security Frameworks and Industry Good Practices like ITIL, COBIT, NIST, OCTAVE, OWASP and the ever present ISO 27001/2 all of which have an input into the structure and makeup of an effective security operations framework or security operations model.

Puneet Kukreja | 13 Sep | Read more

Security Operations the Final Frontier

Operations Shady RAT, Operation Aurora, Operation Night Dragon sounds like names out of a WikiLeaks memo or even more a Hollywood action blockbuster. Sadly not, these are the three names that have done the rounds in the last 2 – 3 years where information security defenses of organizations were not only breached but data assets were stolen for sure.

Puneet Kukreja | 31 Aug | Read more

Opinion: Enterprise Security Architecture as a discipline – the three viewpoints.

Enterprise Security Architecture for an organisation as a discipline is required to outline an enterprise wide risk-driven approach to information security and deliver infrastructure solutions in response to the organisations threat profile. Enterprise Security Architecture is required to drive and support the standardisation and management of an organisations information security discipline.

Puneet Kukreja | 10 Aug | Read more