What is Crown Jewels Analysis ? Part:01

0

OVERVIEW

In recent cyber trends, many adversaries can remain hidden for a month before detection, Many reputed organizations are still struggling to stop attackers from intruding into their internal network/system. In this case, we need some proactive approaches to defend against these attacks.


Crown Jewels Analysis is a process or a technique to identify the cyber assets to accomplish an organization’s mission. Hence it plays a vital role in providing a methodology that helps to understand what is most critical—beginning during systems development and continuing through system deployment.

How it Works ?

In short summary it’s a strategy to identify or prioritize organization assets to prevent or mitigate cyber risks, hence assets include servers, workstations, etc, it generally depends on the organization’s postures.

  1. Establishing Mission Priority
  2. Identifying mission dependance
  3. Mission impact analysis
  4. Threat assessment
  5. Risk remediation analysis

The first and foremost process of crown jewels analysis is to prioritize an asset in an organization, generally, assets classification is generally classified into three major tiers 

Tier 1: Public Information

Tier 2: Internal Information

Tier 3: Restricted Information

The main focus of CJA is to concentrate more on Tier: 3 [Restricted Information], hence before implementing CJA it’s been more important to have a well-defined or well-classified asset classification. And to prioritize assets that are more important or more commonly used.

Also Read: What is the MITRE ATT&CK Framework? How Is It Useful

Process Involved:

  1. Threat Assessment & Remediation Analysis (TARA)
  2. Cyber Command System

Threat Assessment & Remediation Analysis

Threat Assessment & Remediation Analysis (TARA) is an engineering methodology to identify, prioritize, and respond to cyber threats through the application of countermeasures that reduce susceptibility to cyber-attack. TARA is a system-level engineering practice within the MITRE Mission Assurance Engineering (MAE) 

Cyber Command System

The tool addresses the objective of improved mission assurance in cyberspace by enabling the mapping of mission operations to the network operations that support those missions. This tool provides mission-impact assessment through situational awareness and impacts analysis. CyCS addresses mission-assurance challenges for highly distributed enterprise systems through vulnerability, threat, and consequence management.

Conclusion

CJA will provide mission-impact assessment through impact analysis in addition to TARA and CYCS.

Reference

  1. https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/crown-jewels-analysis
  2. https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/crown-jewels-analysis
  3. https://www.mitre.org/research/technology-transfer/technology-licensing/crown-jewels-analysis
  4. https://www.mitre.org/research/technology-transfer/technology-licensing/cyber-command-system-cycs

Previous articleThreat Hunting using Proxy Logs – Soc Incident Response Procedure
Next articleDot Dot Slash Attack – Prevention & Detection
A Cyber Security Aspirant Security Researcher | Red-Teamer |

LEAVE A REPLY

Please enter your comment!
Please enter your name here