Unveiling the Power of Crown Jewels Analysis

Vivian Lee

The Crown Jewels Analysis

In the ever-evolving world of cybersecurity, it’s easy to get lost in a sea of complex tools, software, and acronyms. One approach that has proven to be invaluable is the concept of crown jewels analysis. MITRE explains that this process “provides a repeatable approach to capturing knowledge from organizational Subject Matter Experts (SMEs), documenting known dependencies, and prioritizing assets based on their criticality to mission.”

Airiam’s CEO, Conor Quinlan, firmly believes that simplifying the conversation is key for executives and business owners. The concept is important, but the “Who” and “How” aspects often involve overwhelming technical jargon. Let’s explore how crown jewels analysis can help businesses prioritize their assets and protect what truly matters.

Unveiling the Crown Jewels

Imagine your business as a fortress, filled with valuable treasures.

Your business is a fortress, and your assets are your crown jewels

These treasures, or crown jewels, represent the critical assets that need the utmost protection. The analysis enables businesses to identify and understand these vital components. It goes beyond the surface-level vulnerabilities and focuses on pinpointing what truly matters. So, how do you know which assets are your crown jewels?

Identifying Your Crown Jewels

Airiam’s Field CISO/CIO, Art Ocain, has first-hand experience in consulting with clients who have no idea what is important to their business’s livelihood, and that’s concerning. Before you can protect your business, you need to know what you’re protecting.

The first step in crown jewels analysis is to identify your crown jewels. This involves determining the systems, data, or processes that are essential for your business’s success.

Ask yourself:

  • What generates revenue?
  • What supports our core business functions?
  • Is it intellectual property, customer records, or sensitive financial data?

By understanding these critical elements, you can start building a strong foundation for your cybersecurity strategy.

Prioritizing Protection

Once you have identified your crown jewels, it’s crucial to prioritize their protection. Remember, not all assets are created equal. Some are more vulnerable and valuable than others.

For example

You’re a healthcare company called Jewel Health. You specialize in children’s health.

Two assets you have are your electronic health records (EHR) and research and development (R&D) database. Both contain sensitive information that affect the company’s ability to function.

The EHR contains: The R&D database stores:
Medical history Valuable research findings
Treatment plans Experimental data
Personal identifiers Proprietary information

While a breach on the R&D database would have a huge impact on Jewel Health’s work, a breach of the EHR system could have more severe consequences, including legal liabilities, reputational damage, and potential harm to patients. The analysis allows you to evaluate the impact and potential risks associated with each asset. This information empowers you to allocate resources effectively and implement robust security measures where they matter most.

Overcoming Challenges

Implementing crown jewels analysis may pose some challenges. Many businesses struggle to identify their most valuable assets and the supporting data behind them. Conducting workshops and engaging stakeholders in the process can help shed light on these critical components. It requires collaboration and a deep dive into the inner workings of your business. But once you uncover your critical assets, the path to effective cybersecurity becomes clearer. Truthfully, identifying those key assets is the biggest hurdle for most cases.

The Power of Simplicity

One of the remarkable aspects of the crown jewels analysis is its ability to simplify the complex cybersecurity landscape. By focusing on what truly matters, we can bypass the overwhelming technical jargon and acronyms. Executives and business owners can gain clarity and make informed decisions without getting lost in the intricate details. It’s about understanding the big picture and taking action to secure your critical assets.

In an era where cybersecurity is a top concern for businesses of all sizes, the crown jewels analysis provides a powerful framework for simplifying the conversation and protecting what matters most. By identifying your crown jewels, prioritizing their protection, and embracing simplicity, you can navigate the complex cybersecurity landscape with confidence. So, let’s embark on this journey together, safeguarding our critical assets and fortifying our businesses against the ever-present threats in the digital realm.

Watch The Video

 

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Rebuild Your Business After an Attack: Threat Actors Webinar

 Rebuild Your Business: Webinar Summary Airiam and MOXFIVE wrapped up the second of our Threat Actors webinar series! Art Ocain and Ben Hartwick were great hosts walking us through a ton of information on how to rebuild your business after an attack.
Vivian Lee
>>Read More

Airiam Ranked as #74 MSSP in World

Sixth-Annual List & Research Identifies Leading Managed Security  Service Providers Worldwide Airiam has been named the #74 managed security service provider (MSSP) in the world by MSSP Alert. The list contains the top 250 MSSPs in the world. Globa
Avatar photo
Bill Bowman
>>Read More

Using an MDR Service vs. Building Capabilities Internally

The Need for Detection and Response Cybersecurity is a top priority for businesses of all sizes due to the constant barrage of attacks. Monitoring system logs, detecting cybersecurity incidents, and responding are important parts of every sophisticated
Vivian Lee
>>Read More