In the cyber security world, the term ‘crown jewels’ is frequently referred to, but what does it actually mean? In short your crown jewels are your most critical assets. Therefore the theft, misuse or corruption of these assets can cripple your organisation’s operations, severely damage your brand reputation, and dramatically reduce shareholder value’. A crown jewels security assessment enables you to identify your most important assets.
Your Crown Jewels Are The Foundations of Your Cyber Security Strategy
Identifying and analysing the risks against them is typically the first step in devising your cyber security plans, forming the foundation of your cyber strategy and allocation of resources;
- What are your critical assets?
- What security provisions are already in place?
- How at risk are they?
- How will you monitor and protect them?
- What action will be undertaken should they come under attack?
How To Identify Your Critical Assets – A Crown Jewels Security Assessment
There is no quick and easy way to identify business critical assets, however a good starting point is to identify:
- Which assets, if compromised or attacked, would bring your business to a stop.
- Which assets deliver the most value? For most organisations just 2% of your assets deliver an estimated 70% of total value.
They may be physical assets, saved on the cloud, or part of your supply chain, owned/managed by third party service providers, therefore it’s important that you consider all assets regardless of their ownership and location.
They may even be intangibles like patents, intellectual property and trade secrets.
Examples of Crown Jewels
Of course critical assets will be different for every organisation, and vary across industry sectors, however there are some common themes across all organisations:
Personal, sensitive and confidential data
- Confidential business information
- Customer/client data
- Employee data
- Partner data
Systems such as email, CRM, payroll, accounting, payment processing
Infrastructure and network
- Wifi and routers
- Smart/connected devices
Brand and reputation
- Company social media accounts
- Brand ambassador social media accounts
These assets will attract the attention of cyber attackers, and if they become compromised your organisation will suffer a major impact, and this is why they deserve the most protection.
As assets change over time, developing a critical asset register and keeping it up to date is essential.
Crown Jewels Are Only Part Of Your Treasure Trove
Whilst it makes sense to focus your resources on protecting your most important assets, it’s important that you look at the threat landscape as a whole, especially the pathways to your crown jewels, and threats that are outside your perimeter that may affect your brand.
A crown jewels assessment is therefore part of a bigger cyber security risk assessment. By viewing the entire organisation from an attacker’s perspective, you can improve your overall security posture.
We Are here To Help
Get in touch with the Infosec Partners cyber consultancy team if you need help with a crown jewels assessment, or if want to know more about our wider security risk assessment services.