web analytics

CISO PLAYBOOK – Protecting The Crown Jewels by Cyber Leadership Institute – Building a cyber security strategy around high value digital assets


This playbook provides some practical guidelines for enterprises to identify and maintain a tight list of high-value digital assets and develop a highly focused cyber resilience program to maximise the value from cyber security investments and accelerate the strengthening of their cyber resilience posture. Crown Jewels are digital assets that underpin the future success or survival of an enterprise. These applications support business functions or processes whose failure would be so detrimental to an enterprise to significantly erode its competitive advantage, invoke large regulatory fines or sustained scrutiny or result in massive customer exodus.
At a national level, the US Department of Homeland Security defines crown jewels as “assets, systems, and networks, whether physical or virtual, that are considered so vital to the United States that their
incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” In fact, when crown jewels that define your
market leadership are stolen, the harm may be irreversible. In the end, you should be able to answer three vital questions: What are your most valuable digital assets, where do they reside, and are they adequately
The infamous Equifax data breach, in which almost half of USA citizens lost their confidential details to cyber thieves, provides a cautionary tale into the implications of a poorly managed inventory of IT assets.
Equifax, according to the USA Government root cause analysis report, lacked a comprehensive IT asset inventory, meaning it lacked a complete understanding of the assets it owned. “This made it difficult, if not impossible, for Equifax to know if vulnerabilities existed on its networks.”

We propose a series of recommendations from best practices and an approach to:

  • Develop a comprehensive list of high-value digital assets, hereafter referred to as crown jewels, and implement a differentiated controls model.
  • Institutionalise crown jewel assessment into business operational models, such as business process outsourcing, new systems development and a cyber assurance model, making it an inevitable and discrete part of strategic and operational decision-making.

When done right, crown jewel assessment can provide three distinct benefits:

  • Eliminating waste and maximising the value of every dollar invested in cyber security.
  • Creating the optimum balance between security and convenience by eliminating controls that needlessly annoy customers
  • Strengthening executive oversight through measuring what matters and closing regulatory compliance loopholes.
  • At its core, crown jewel assessment is about instituting a disciplined approach to cyber risk management, enabling the business to focus resources on what really matters.
    Consider the analysis in this book to help frame your understanding of both the risk and opportunity. The recommendations and the three-phased approach are supported by the analysis. Detail on the three-phased approach can be found in the Action Plan section of this book.

Download & read the complete do below 👇👇👇


advisor pick´S post