Search
Close this search box.

Unveiling the Power of Crown Jewels Analysis

Vivian Lee

The Crown Jewels Analysis

In the ever-evolving world of cybersecurity, it’s easy to get lost in a sea of complex tools, software, and acronyms. One approach that has proven to be invaluable is the concept of crown jewels analysis. MITRE explains that this process “provides a repeatable approach to capturing knowledge from organizational Subject Matter Experts (SMEs), documenting known dependencies, and prioritizing assets based on their criticality to mission.”

Airiam’s CEO, Conor Quinlan, firmly believes that simplifying the conversation is key for executives and business owners. The concept is important, but the “Who” and “How” aspects often involve overwhelming technical jargon. Let’s explore how crown jewels analysis can help businesses prioritize their assets and protect what truly matters.

Unveiling the Crown Jewels

Imagine your business as a fortress, filled with valuable treasures.

Your business is a fortress, and your assets are your crown jewels

These treasures, or crown jewels, represent the critical assets that need the utmost protection. The analysis enables businesses to identify and understand these vital components. It goes beyond the surface-level vulnerabilities and focuses on pinpointing what truly matters. So, how do you know which assets are your crown jewels?

Identifying Your Crown Jewels

Airiam’s Field CISO/CIO, Art Ocain, has first-hand experience in consulting with clients who have no idea what is important to their business’s livelihood, and that’s concerning. Before you can protect your business, you need to know what you’re protecting.

The first step in crown jewels analysis is to identify your crown jewels. This involves determining the systems, data, or processes that are essential for your business’s success.

Ask yourself:

  • What generates revenue?
  • What supports our core business functions?
  • Is it intellectual property, customer records, or sensitive financial data?

By understanding these critical elements, you can start building a strong foundation for your cybersecurity strategy.

Prioritizing Protection

Once you have identified your crown jewels, it’s crucial to prioritize their protection. Remember, not all assets are created equal. Some are more vulnerable and valuable than others.

For example

You’re a healthcare company called Jewel Health. You specialize in children’s health.

Two assets you have are your electronic health records (EHR) and research and development (R&D) database. Both contain sensitive information that affect the company’s ability to function.

The EHR contains: The R&D database stores:
Medical history Valuable research findings
Treatment plans Experimental data
Personal identifiers Proprietary information

While a breach on the R&D database would have a huge impact on Jewel Health’s work, a breach of the EHR system could have more severe consequences, including legal liabilities, reputational damage, and potential harm to patients. The analysis allows you to evaluate the impact and potential risks associated with each asset. This information empowers you to allocate resources effectively and implement robust security measures where they matter most.

Overcoming Challenges

Implementing crown jewels analysis may pose some challenges. Many businesses struggle to identify their most valuable assets and the supporting data behind them. Conducting workshops and engaging stakeholders in the process can help shed light on these critical components. It requires collaboration and a deep dive into the inner workings of your business. But once you uncover your critical assets, the path to effective cybersecurity becomes clearer. Truthfully, identifying those key assets is the biggest hurdle for most cases.

The Power of Simplicity

One of the remarkable aspects of the crown jewels analysis is its ability to simplify the complex cybersecurity landscape. By focusing on what truly matters, we can bypass the overwhelming technical jargon and acronyms. Executives and business owners can gain clarity and make informed decisions without getting lost in the intricate details. It’s about understanding the big picture and taking action to secure your critical assets.

In an era where cybersecurity is a top concern for businesses of all sizes, the crown jewels analysis provides a powerful framework for simplifying the conversation and protecting what matters most. By identifying your crown jewels, prioritizing their protection, and embracing simplicity, you can navigate the complex cybersecurity landscape with confidence. So, let’s embark on this journey together, safeguarding our critical assets and fortifying our businesses against the ever-present threats in the digital realm.

Watch The Video

 

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

Podcast: The Basics of Cyber Resilience

 Episode Summary Cyber resilience is an evolution in mindset for the world of information security. It has been happening for years. Relying on firewalls, anti-virus, and other preventive manners at the expense of planning for what if can mean that a
Avatar photo
Bill Bowman
>>Read More

The Grinches Who Stole Data

The Grinches Who Stole Data: Guarding Against Holiday Cyber Attacks He’s a mean one, Mr. Grinch. Cyber grinches are on the prowl, looking to steal more than just your holiday joy. As we exchange festive greetings and share goodwill, it’s crucial to be
Vivian Lee
>>Read More

What Is Cyber Resilience? (And Why Is It Important?)

Cyber resilience isn’t a nice-to-have—it’s a need-to-have. Cybercrime is on the rise, and the problem has shifted to when (not if) bad actors will attack your business. Reports show that 60% of small-to-medium-sized businesses around the world experien
Jesse Sumrak
>>Read More