Unveiling the Power of Crown Jewels Analysis

Vivian Lee

The Crown Jewels Analysis

In the ever-evolving world of cybersecurity, it’s easy to get lost in a sea of complex tools, software, and acronyms. One approach that has proven to be invaluable is the concept of crown jewels analysis. MITRE explains that this process “provides a repeatable approach to capturing knowledge from organizational Subject Matter Experts (SMEs), documenting known dependencies, and prioritizing assets based on their criticality to mission.”

Airiam’s CEO, Conor Quinlan, firmly believes that simplifying the conversation is key for executives and business owners. The concept is important, but the “Who” and “How” aspects often involve overwhelming technical jargon. Let’s explore how crown jewels analysis can help businesses prioritize their assets and protect what truly matters.

Unveiling the Crown Jewels

Imagine your business as a fortress, filled with valuable treasures.

Your business is a fortress, and your assets are your crown jewels

These treasures, or crown jewels, represent the critical assets that need the utmost protection. The analysis enables businesses to identify and understand these vital components. It goes beyond the surface-level vulnerabilities and focuses on pinpointing what truly matters. So, how do you know which assets are your crown jewels?

Identifying Your Crown Jewels

Airiam’s Field CISO/CIO, Art Ocain, has first-hand experience in consulting with clients who have no idea what is important to their business’s livelihood, and that’s concerning. Before you can protect your business, you need to know what you’re protecting.

The first step in crown jewels analysis is to identify your crown jewels. This involves determining the systems, data, or processes that are essential for your business’s success.

Ask yourself:

  • What generates revenue?
  • What supports our core business functions?
  • Is it intellectual property, customer records, or sensitive financial data?

By understanding these critical elements, you can start building a strong foundation for your cybersecurity strategy.

Prioritizing Protection

Once you have identified your crown jewels, it’s crucial to prioritize their protection. Remember, not all assets are created equal. Some are more vulnerable and valuable than others.

For example

You’re a healthcare company called Jewel Health. You specialize in children’s health.

Two assets you have are your electronic health records (EHR) and research and development (R&D) database. Both contain sensitive information that affect the company’s ability to function.

The EHR contains: The R&D database stores:
Medical history Valuable research findings
Treatment plans Experimental data
Personal identifiers Proprietary information

While a breach on the R&D database would have a huge impact on Jewel Health’s work, a breach of the EHR system could have more severe consequences, including legal liabilities, reputational damage, and potential harm to patients. The analysis allows you to evaluate the impact and potential risks associated with each asset. This information empowers you to allocate resources effectively and implement robust security measures where they matter most.

Overcoming Challenges

Implementing crown jewels analysis may pose some challenges. Many businesses struggle to identify their most valuable assets and the supporting data behind them. Conducting workshops and engaging stakeholders in the process can help shed light on these critical components. It requires collaboration and a deep dive into the inner workings of your business. But once you uncover your critical assets, the path to effective cybersecurity becomes clearer. Truthfully, identifying those key assets is the biggest hurdle for most cases.

The Power of Simplicity

One of the remarkable aspects of the crown jewels analysis is its ability to simplify the complex cybersecurity landscape. By focusing on what truly matters, we can bypass the overwhelming technical jargon and acronyms. Executives and business owners can gain clarity and make informed decisions without getting lost in the intricate details. It’s about understanding the big picture and taking action to secure your critical assets.

In an era where cybersecurity is a top concern for businesses of all sizes, the crown jewels analysis provides a powerful framework for simplifying the conversation and protecting what matters most. By identifying your crown jewels, prioritizing their protection, and embracing simplicity, you can navigate the complex cybersecurity landscape with confidence. So, let’s embark on this journey together, safeguarding our critical assets and fortifying our businesses against the ever-present threats in the digital realm.

Watch The Video


New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Setup PTD Email Account in Outlook 2010

PTD Email Account in Outlook 2010 Many people enjoy the freedom a web-based email as it allows you to access your email from any computer. If you would prefer this flexibility we recommend you just use PenTeledata’s webmail interface at http://webmail.
Avatar photo
Anthony Lewis
>>Read More

Social Engineering: What to Look For and Things to Avoid

Social engineering plays a role in many cybersecurity attacks. What is Social Engineering? To begin with, attempts to gain access to your accounts or gather your personal information can come from anywhere: Facebook, Twitter, phone calls, text, etc. Th
Avatar photo
Andy Gritzer
>>Read More

We Hired a Hacker

Hiring a Hacker Security is not an option anymore. While operations in many IT organizations went against security (1)(2) for years, it is now obvious that security needs to be at the beginning of every process. A hacker is a serious threat. Threats ar
Avatar photo
Anthony Lewis
>>Read More