Crown Jewel Analysis: How to Figure Out What to Protect

Adam Goss
13 min readMay 20, 2024
Crown Jewel Analysis

Crown Jewel Analysis teaches you what to protect and how to protect it. This fundamental risk management methodology has been used for decades to help organizations determine what is important to them and where to prioritize their resources to defend against cyber attacks.

This guide delves into this risk management methodology to show how to use it today. It explores Crown Jewel Analysis, its benefits, and how to perform it. There are also recommendations for tools to help you use this methodology in the real world and practical examples to show how to secure a fictitious hair salon against cyber threats.

Let’s jump in and learn Crown Jewel Analysis so you can focus on defending what is most important to your business today!

What is Crown Jewel Analysis?

Crown Jewel Analysis (CJA) is a risk management methodology used in cyber security to identify and prioritize the protection of an organization’s most valuable assets, which are its crown jewels.

A crown jewel can be anything essential to an organization’s operations, reputation, and success. These assets could be:

  • Sensitive data = personally identifiable information (PII) or customer financial data.
  • Intelligence property, trade

--

--

Adam Goss

Helping demystify cyber threat intelligence for businesses and individuals | CTI | Threat Hunting | Custom Tooling