What is Crown Jewels Analysis ? Part:01

By
Harisuthan
-
0

OVERVIEW

In recent cyber trends, many adversaries can remain hidden for a month before detection, Many reputed organizations are still struggling to stop attackers from intruding into their internal network/system. In this case, we need some proactive approaches to defend against these attacks.

Crown Jewels Analysis is a process or a technique to identify the cyber assets to accomplish an organization’s mission. Hence it plays a vital role in providing a methodology that helps to understand what is most critical—beginning during systems development and continuing through system deployment.

Right now, cybersecurity is an in-demand industry. Unfortunately, many students cannot cope with such an academic life. A reliable writing service is able to help with essay writing in couple hours. This will help free up time to study important topics without wasting time on papers.

How it Works ?

In short summary it’s a strategy to identify or prioritize organization assets to prevent or mitigate cyber risks, hence assets include servers, workstations, etc, it generally depends on the organization’s postures.

  1. Establishing Mission Priority
  2. Identifying mission dependance
  3. Mission impact analysis
  4. Threat assessment
  5. Risk remediation analysis

The first and foremost process of crown jewels analysis is to prioritize an asset in an organization, generally, assets classification is generally classified into three major tiers 

Tier 1: Public Information

Tier 2: Internal Information

Tier 3: Restricted Information

The main focus of CJA is to concentrate more on Tier: 3 [Restricted Information], hence before implementing CJA it’s been more important to have a well-defined or well-classified asset classification. And to prioritize assets that are more important or more commonly used.

Also Read: What is the MITRE ATT&CK Framework? How Is It Useful

Process Involved:

  1. Threat Assessment & Remediation Analysis (TARA)
  2. Cyber Command System

Threat Assessment & Remediation Analysis

Threat Assessment & Remediation Analysis (TARA) is an engineering methodology to identify, prioritize, and respond to cyber threats through the application of countermeasures that reduce susceptibility to cyber-attack. TARA is a system-level engineering practice within the MITRE Mission Assurance Engineering (MAE) 

Cyber Command System

The tool addresses the objective of improved mission assurance in cyberspace by enabling the mapping of mission operations to the network operations that support those missions. This tool provides mission-impact assessment through situational awareness and impacts analysis. CyCS addresses mission-assurance challenges for highly distributed enterprise systems through vulnerability, threat, and consequence management.

Conclusion

CJA will provide mission-impact assessment through impact analysis in addition to TARA and CYCS.

Reference

  1. https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/crown-jewels-analysis
  2. https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/crown-jewels-analysis
  3. https://www.mitre.org/research/technology-transfer/technology-licensing/crown-jewels-analysis
  4. https://www.mitre.org/research/technology-transfer/technology-licensing/cyber-command-system-cycs
Previous articleDnsTwist Tool – Proactive Approach for Handling Phishing Cases
Next articleDot Dot Slash Attack – Prevention & Detection
Harisuthan
Harisuthan
https://www.socinvestigation.com
A Cyber Security Aspirant Security Researcher | Red-Teamer |