Crown Jewels Analysis.

A MITRE-popularized methodology that identifies the small set of mission-critical assets whose loss would unacceptably harm the organization, then concentrates protection, monitoring, and IR investment there. Pertenece a la categoría de Defensa y operaciones en ciberseguridad.

A MITRE-popularized methodology that identifies the small set of mission-critical assets whose loss would unacceptably harm the organization, then concentrates protection, monitoring, and IR investment there.

Crown Jewels Analysis (CJA) is a methodology formalized by MITRE in the mid-2010s and incorporated into the U.S. DoD's mission-assurance practice. The premise: most organizations cannot harden everything to the same level, and most adversaries don't care about everything either. CJA produces a ranked, justified list of the assets — datasets, systems, applications, identities, processes — whose compromise or loss would produce unacceptable mission, business, regulatory, or reputational impact, and the dependencies (network paths, credentials, supporting services) that lead to them. The output drives where to concentrate defense-in-depth controls (segmentation, monitoring tier, IR tabletop priority, cyber-insurance scoping, recovery RTO/RPO), what threat models to take most seriously, and which paths in attack-graph terms to disrupt first. CJA is often a precursor to attack-path analysis, MITRE ATT&CK technique prioritization, and adversary-emulation scoping. It is also a common requirement of cyber-insurance underwriting and of regulator-led resilience reviews (DORA, NIS2, U.S. DOD CMMC).

Las defensas contra Crown Jewels Analysis combinan habitualmente controles técnicos y prácticas operativas, como se detalla en la definición.

Nombres alternativos comunes: CJA, Mission-critical asset analysis.