The Crown Jewels Analysis
In the ever-evolving world of cybersecurity, it’s easy to get lost in a sea of complex tools, software, and acronyms. One approach that has proven to be invaluable is the concept of crown jewels analysis. MITRE explains that this process “provides a repeatable approach to capturing knowledge from organizational Subject Matter Experts (SMEs), documenting known dependencies, and prioritizing assets based on their criticality to mission.”
Airiam’s CEO, Conor Quinlan, firmly believes that simplifying the conversation is key for executives and business owners. The concept is important, but the “Who” and “How” aspects often involve overwhelming technical jargon. Let’s explore how crown jewels analysis can help businesses prioritize their assets and protect what truly matters.
Unveiling the Crown Jewels
Imagine your business as a fortress, filled with valuable treasures.
These treasures, or crown jewels, represent the critical assets that need the utmost protection. The analysis enables businesses to identify and understand these vital components. It goes beyond the surface-level vulnerabilities and focuses on pinpointing what truly matters. So, how do you know which assets are your crown jewels?
Identifying Your Crown Jewels
Airiam’s Field CISO/CIO, Art Ocain, has first-hand experience in consulting with clients who have no idea what is important to their business’s livelihood, and that’s concerning. Before you can protect your business, you need to know what you’re protecting.
The first step in crown jewels analysis is to identify your crown jewels. This involves determining the systems, data, or processes that are essential for your business’s success.
Ask yourself:
- What generates revenue?
- What supports our core business functions?
- Is it intellectual property, customer records, or sensitive financial data?
By understanding these critical elements, you can start building a strong foundation for your cybersecurity strategy.
Prioritizing Protection
Once you have identified your crown jewels, it’s crucial to prioritize their protection. Remember, not all assets are created equal. Some are more vulnerable and valuable than others.
For example
You’re a healthcare company called Jewel Health. You specialize in children’s health.
Two assets you have are your electronic health records (EHR) and research and development (R&D) database. Both contain sensitive information that affect the company’s ability to function.
| The EHR contains: | The R&D database stores: |
|---|---|
| Medical history | Valuable research findings |
| Treatment plans | Experimental data |
| Personal identifiers | Proprietary information |
While a breach on the R&D database would have a huge impact on Jewel Health’s work, a breach of the EHR system could have more severe consequences, including legal liabilities, reputational damage, and potential harm to patients. The analysis allows you to evaluate the impact and potential risks associated with each asset. This information empowers you to allocate resources effectively and implement robust security measures where they matter most.
Overcoming Challenges
Implementing crown jewels analysis may pose some challenges. Many businesses struggle to identify their most valuable assets and the supporting data behind them. Conducting workshops and engaging stakeholders in the process can help shed light on these critical components. It requires collaboration and a deep dive into the inner workings of your business. But once you uncover your critical assets, the path to effective cybersecurity becomes clearer. Truthfully, identifying those key assets is the biggest hurdle for most cases.
The Power of Simplicity
One of the remarkable aspects of the crown jewels analysis is its ability to simplify the complex cybersecurity landscape. By focusing on what truly matters, we can bypass the overwhelming technical jargon and acronyms. Executives and business owners can gain clarity and make informed decisions without getting lost in the intricate details. It’s about understanding the big picture and taking action to secure your critical assets.
In an era where cybersecurity is a top concern for businesses of all sizes, the crown jewels analysis provides a powerful framework for simplifying the conversation and protecting what matters most. By identifying your crown jewels, prioritizing their protection, and embracing simplicity, you can navigate the complex cybersecurity landscape with confidence. So, let’s embark on this journey together, safeguarding our critical assets and fortifying our businesses against the ever-present threats in the digital realm.
Watch The Video
