Crown Jewels Analysis
What is Crown Jewels Analysis?
Crown Jewels Analysis: A MITRE-popularized methodology that identifies the small set of mission-critical assets whose loss would unacceptably harm the organization, then concentrates protection, monitoring, and IR investment there.
Crown Jewels Analysis (CJA) is a methodology formalized by MITRE in the mid-2010s and incorporated into the U.S. DoD's mission-assurance practice. The premise: most organizations cannot harden everything to the same level, and most adversaries don't care about everything either. CJA produces a ranked, justified list of the assets — datasets, systems, applications, identities, processes — whose compromise or loss would produce unacceptable mission, business, regulatory, or reputational impact, and the dependencies (network paths, credentials, supporting services) that lead to them. The output drives where to concentrate defense-in-depth controls (segmentation, monitoring tier, IR tabletop priority, cyber-insurance scoping, recovery RTO/RPO), what threat models to take most seriously, and which paths in attack-graph terms to disrupt first. CJA is often a precursor to attack-path analysis, MITRE ATT&CK technique prioritization, and adversary-emulation scoping. It is also a common requirement of cyber-insurance underwriting and of regulator-led resilience reviews (DORA, NIS2, U.S. DoD CMMC).
● Examples
- 01
A bank's CJA identifies the payments-clearing system, the customer-master database, and the production HSM as crown jewels and routes their telemetry to a dedicated SOC tier.
- 02
After a CJA, the IR tabletop scenarios for the next year focus on ransomware against the crown-jewel ERP rather than a generic phishing breach.
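The ranking and dependency steps from the definition above, as an added example that is not part of the original page and is not MITRE's own scoring method. The asset names extend the bank example; the 0-5 impact scale, the threshold, and the dependency map are constructed assumptions.

```python
from collections import deque

# Constructed inventory. Impact per asset is scored 0-5 (assumed scale) as
# (mission, business, regulatory, reputational).
IMPACT = {
    "payments-clearing":  (5, 5, 5, 5),
    "customer-master-db": (4, 5, 5, 5),
    "prod-hsm":           (5, 4, 5, 3),
    "domain-controller":  (3, 3, 2, 2),
    "jump-host":          (2, 2, 1, 1),
    "db-backup":          (2, 3, 3, 1),
    "svc-payments":       (1, 1, 1, 1),
    "hr-portal":          (1, 2, 3, 2),
    "marketing-wiki":     (0, 1, 0, 1),
}
# Constructed dependency map: asset -> what it relies on
# (network paths, credentials, supporting services).
DEPENDS_ON = {
    "payments-clearing":  ["prod-hsm", "svc-payments", "customer-master-db"],
    "customer-master-db": ["db-backup", "jump-host"],
    "prod-hsm":           ["jump-host"],
    "svc-payments":       ["domain-controller"],
    "jump-host":          ["domain-controller"],
    "hr-portal":          ["domain-controller"],
}
THRESHOLD = 5  # assumed cut-off: worst-case impact treated as "unacceptable"

def rank_assets(impact=IMPACT):
    """Rank by worst-case dimension, then total: one bad dimension is enough."""
    return sorted(impact, key=lambda a: (max(impact[a]), sum(impact[a])), reverse=True)

def crown_jewels(impact=IMPACT, threshold=THRESHOLD):
    return [a for a in rank_assets(impact) if max(impact[a]) >= threshold]

def supporting_assets(jewels, depends_on=DEPENDS_ON):
    """Map each transitive dependency to the set of crown jewels it leads to."""
    supports = {}
    for jewel in jewels:
        seen, queue = {jewel}, deque([jewel])
        while queue:
            for dep in depends_on.get(queue.popleft(), []):
                if dep not in seen:
                    seen.add(dep)
                    queue.append(dep)
                    supports.setdefault(dep, set()).add(jewel)
    return supports

def protection_tiers(impact=IMPACT, depends_on=DEPENDS_ON):
    jewels = crown_jewels(impact)
    supports = supporting_assets(jewels, depends_on)
    return {a: "crown-jewel" if a in jewels else
               "supporting" if a in supports else "standard" for a in impact}
```

The domain controller and jump host score low on direct impact but sit on the dependency path of all three crown jewels, so they land in the supporting tier rather than the standard one.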
● FAQ
What is Crown Jewels Analysis?
A MITRE-popularized methodology that identifies the small set of mission-critical assets whose loss would unacceptably harm the organization, then concentrates protection, monitoring, and IR investment there. It falls under the Defense & Operations category of cybersecurity.
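How do you defend against Crown Jewels Analysis?
Defense against Crown Jewels Analysis typically combines technical controls with operational practices; see the full definition above.
What other names does Crown Jewels Analysis have?
Common aliases include: CJA, Mission-critical asset analysis.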
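● Related terms
- compliance № 1042
Risk Assessment
A structured risk-management activity that identifies threats, vulnerabilities, and impacts for specific assets and rates the resulting risks to support treatment decisions.
- defense-ops № 153
BIA (Business Impact Analysis)
A structured analysis that identifies critical business processes, their dependencies, and the operational, financial, and reputational impact of disruption to those processes.
- defense-ops № 084
Attack Surface Management (ASM)
Continuous discovery, inventory, classification, and monitoring of all assets that could expose the organization to cyberattack.
- compliance № 330
Defense in Depth
A strategy of layering mutually independent security controls so that when any one control fails, the others can still prevent, detect, or contain the attack.
- appsec № 1270
Threat Modeling
A structured analysis method that identifies a system's assets, threats, vulnerabilities, and mitigations so that security is built in at design time rather than patched on afterward.
- network-security № 809
Network Segmentation
The practice of dividing a network into zones and controlling traffic between them, used to contain intrusions and enforce least privilege.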