A Key Cyber Incident Response Step - Identify your Crown Jewels
Date: 27 October 2020
Organisations that are reviewing their cyber incident response plans or even those that are looking to improve their cybersecurity maturity need to focus on identifying their critical assets or Crown Jewels as one of their top three priorities. It's quite simple, you can't protect an asset you don't know you have!
In this blog, we cover:
What are crown jewels?
Crown jewels is a metaphor for the most critical assets of the business that have to be protected if the business has to maintain operational continuity. In the digital world, crown jewels can be represented by a variety of assets including:
- Personal information (think GDPR)
- Network and database systems
- Websites & Applications
- Laptops, tablets & mobiles
- Human resources data
- Customer data
- Business confidential data
Without having an accurate asset inventory, a business cannot design an effective and focussed cyber incident response plan or for that matter be cyber-secure. Having a clear view of its critical assets provides direction to response plans and helps streamline effort and resources when it comes to preparing for an event/incident.
How to identify Critical Assets?
Identifying the critical assets or crown jewels of a business can be a massive cybersecurity exercise but one that is critical to developing any sort of breach-readiness capabilities. Crown jewels have to be the cornerstone around which other incident response plans are built.
There is no easy way to identify the crown jewels of your business as these critical assets can vary from industry to industry. Narrowing down on the critical assets, therefore, is an exercise that every organisation has to undertake on its own. A good way to judge whether something qualifies as a crown jewel or not is to evaluate if an attack on that asset is capable of bringing your business to a halt. Also, crown jewels may often represent just 2% of your business, but they may dominate 70-80% of your brand value.
Note: There are some common assets across all organisations. Think Personal Information of staff and clients, systems that store and process staff information (often called HR systems) and CRM or customer relationship management systems.
In many organisations, many of these critical assets may even be under the purview of third-party service providers or may be residing on cloud platforms. It is imperative to take stock of all assets regardless of their location and ownership.
The best way, therefore, to list out the crown jewels of the business is to conduct a methodical in-house workshop with key stakeholders who can make a decision on the assets that are most valued and most critical to protect. This workshop can also help in a crown jewel analysis during which key executives can analyse how well these assets are protected and if there are any gaps in the existing controls for these assets.
Here is a simple tip from our CEO and Founder, Amar Singh, a recognised practitioner in Cyber Incident Response and a globally recognised CISO:
"Ask yourself and key stakeholders which systems would they want (1) protected from cyber-criminals and (2) monitored and audited."
How to protect your crown jewels?
As is apparent by now, the first step in securing your crown jewels is actually identifying them. The next step would be to conduct an internal or external audit and analyse how well protected these assets are and where do gaps exist.
Budgetary analysis is also important as organisations often find that their annual spend on cybersecurity may have gone up but their crown jewels continue to remain as vulnerable as before due to a lack of proper monetary allocations, leaving the core business areas exposed to attacks. It is equally critical to monitor the crown jewels that reside with third parties or cloud platforms and to ensure that they are protected with controls similar to those used for assets within the organisation.
Conducting an assessment and evaluation of your crown jewels is an important aspect of building a healthy cybersecurity posture for your organisation. Investing in other technologies and controls without really knowing what your crown jewels are and how they need to be protected is as good as buying financial products without defining your personal finance goals at the onset – a wild goose chase.
If you’re seriously interested in securing your business-critical assets and making your organisation as protected against cyber-attacks as possible, look at conducting in-house workshops on identifying crown jewels.
Our NCSC-Certified CIPR Training covers this subject in greater detail and defines a methodical approach that organisations can adopt to protect the assets that matter.
More Information on the Certified Cyber Incident Planning & Response Course
The CIPR course is the perfect stepping stone for those who want to understand the basics of cybersecurity, cyber resilience and for developing core competencies in planning, detecting and responding to a cyber-crime.
Not only is the course delivered by one of the most renowned cybersecurity trainers in the world, Amar Singh, it comes with a great reference material pack including worksheets, checklists, mind maps and free templates. It is the easiest and most effective way to enhance the efficiency and cyber-resiliency of your staff and make your business more compliant with data breach response regulations.