The main goal is to identify mission-critical cyber assets, but there are additional benefits…
By Zsolt Baranya, Information Security Auditor, Black Cell Ltd.
Crown Jewels Analysis is a MITRE methodology – which can help to identify the mission-critical cyber assets – represented by Systems Engineering Guide. It is only a part of the Guide and also the procedure to make an organization’s IT system resilient against the Advanced Cyber Threats. The analysis entirely focuses on: „Keeping the adversary out”.
If the organization wants to establish a robust, cyber-resilient system, conducting Crown Jewels Analysis itself is not enough. Apart from Crown Jewels Analysis, it is needed to conduct additional risk assessment procedures of MITRE methodologies. For example Threat Assessment & Remediation Analysis (TARA). It is not necessary to use TARA, it is possible to choose another effective and efficient methodology.
The two main stages of Crown Jewels Analysis are:
- We need to set up in 4 steps a dependency map, which can help to demonstrate all of the dependencies from cyber assets to organizational missions.
- Leadership defines and prioritizes organizational mission objectives.
- Management defines the operational tasks that support the mission objectives and dependencies. Which mission objective depends on which operational task.
- Operators define the operational tasks’ supporter system functions and dependencies.
- Tech or IT defines the cyber assets (and dependencies), which supports the system functions.
If the organization intends to use information assets or subtasks instead of system functions through the execution, it is only possible, if the organization has sufficient information.
- When we have a 4 layered dependency map, we have to carry out the Mission Impact Analysis, which is a bit like the well-known Business Impact Analysis. Risk-to-Mission Assessment Process can help to quantify the impacts. When the Mission Impact Analysis is carried out, we are able to identify our Crown Jewels, the most important cyber assets to an organization’s mission.
Analysis requires many resources. For example business policy, other documents, information asset inventory, a lot of time and interviews, as well as a tool.
Crown Jewels Analysis results are the mission-critical cyber assets and a report from the executors. The most important benefit is knowing what cyber assets are the most critical to achieving organizational mission objectives. If you asked the IT and the business, what are the mission-critical cyber assets, the answer is usually different. Crown Jewels Analysis based on a mathematical approach; therefore, it is objective.
The report from the Analysis details the effects (for example: which cyber asset loss causes a system function failure etc.), displays the process errors and the organizational single point of contacts. The outputs can support other IT or risk assessment techniques and activities.
The results can support compliancy with standards and recommendations, for example NIST 800-53 r4. If the organization knows, which are the critical assets, it is much easier to meet the requirements like “Customized Development of Critical Components” or “Identify Critical Assets”.
If the Analysis is completely done, it can help to identify the unnecessary cyber assets, which doesn’t support the Mission Objectives. This is a possibility to optimize the cyber asset infrastructure.
The organizational activities and procedures are mapped during the Crown Jewels Analysis. This can help to optimize the procedures, financial and human resources, and based on the dependencies, it is also possible to improve the internal regulations.
Correct execution of the Crown Jewels Analysis can support the incident management activities, and help to understand the connected risks and threats, and also can help to choose the appropriate preventive solutions.
Sectoral features can be integrated into the analysis process and can help to prioritize in accordance with the demand of the leadership. (Industrial Control System operators need some different features of the sectoral specialties.)
Every IT or information security audit can help to develop organizational security solutions. Crown Jewels Analysis is a relatively new methodology with a different approach. The “old” risk analysis and audit methodologies are executed on a conventional measure; therefore, Crown Jewels Analysis may produce different results, hopefully, useful innovations.
Crown Jewels are different in every organization and depend on many unique factors e.g. size, structure, culture, the activity of the organization, etc.
To build an organizational protection strategy, it is needed to be aware of the Crown Jewels. The unawareness of the mission-critical cyber assets could cause unnecessary resource allocation and a false sense of security in the organization.
About the Author
Zsolt Baranya is an Information Security Auditor of the Black Cell Ltd. from Hungary. Formerly, he has filled information security officers and data protection officer roles at a local governmental organization. He worked as a senior desk officer at National Directorate General for Disaster Management, Department for Critical Infrastructure Coordination, where he was responsible for the Hungarian critical infrastructure’s information security compliance. Zsolt can be reached online at firstname.lastname@example.org and at his company’s website https://blackcell.io/