Crown Jewels Analysis.

A MITRE-popularized methodology that identifies the small set of mission-critical assets whose loss would unacceptably harm the organization, then concentrates protection, monitoring, and IR investment there. Cette notion relève de la catégorie Défense et opérations en cybersécurité.

A MITRE-popularized methodology that identifies the small set of mission-critical assets whose loss would unacceptably harm the organization, then concentrates protection, monitoring, and IR investment there.

Crown Jewels Analysis (CJA) is a methodology formalized by MITRE in the mid-2010s and incorporated into the U.S. DoD's mission-assurance practice. The premise: most organizations cannot harden everything to the same level, and most adversaries don't care about everything either. CJA produces a ranked, justified list of the assets — datasets, systems, applications, identities, processes — whose compromise or loss would produce unacceptable mission, business, regulatory, or reputational impact, and the dependencies (network paths, credentials, supporting services) that lead to them. The output drives where to concentrate defense-in-depth controls (segmentation, monitoring tier, IR tabletop priority, cyber-insurance scoping, recovery RTO/RPO), what threat models to take most seriously, and which paths in attack-graph terms to disrupt first. CJA is often a precursor to attack-path analysis, MITRE ATT&CK technique prioritization, and adversary-emulation scoping. It is also a common requirement of cyber-insurance underwriting and of regulator-led resilience reviews (DORA, NIS2, U.S. DOD CMMC).

Les défenses contre Crown Jewels Analysis combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Noms alternatifs courants : CJA, Mission-critical asset analysis.