• Platform

Building an open-source cyber assets map

20 January 2021

Ahren Posthumus is a cyber security specialist and application security analyst for JUMO. He explains what crown jewels are in cyber terms, why it’s important to analyse them and how JUMO went about designing an application that maps the entire process.

“A Crown Jewels Assessment, or CJA, is the first step a company should take when starting a Mission Assurance Engineering process. Basically, it’s an assessment or analysis of an organisation’s critical cyber assets (the so-called crown jewels of the corporation). It asks what risks and threats are associated with the safety of these crown jewels, and what risk mitigation measures are in place to protect them.

Answering these questions is a process and a Crown Jewels Assessment or analysis is the ideal, clear process for identifying which cyber assets are mission critical for a company. It’s also a subset of broader analyses which identify several different types of essential cyber assets, from system development right through to system deployment.

A Crown Jewels Assessment is a crucial undertaking, particularly for large and complex enterprises.

Understanding how issues with IT infrastructure could affect a company’s mission or operations is virtually impossible without a Crown Jewels Assessment. A proper CJA identifies the components of IT infrastructure which enable effective operations. If a company is not aware of how these cyber assets affect its operations, it’s also unlikely to be aware of the measures it should be taking to protect them.

At JUMO, we started the CJA mapping process when we couldn’t find a tool that could map out our cyber assets effectively. There was nothing available on the market to meet our needs and so, after much deliberation and hard work — we created our own CJA mapping software.

We have written, tried and tested an application that effectively enables big and intricate companies to track their critical cyber assets in relation to all the system components of the organisation. The application is able to link a company’s infrastructure systems, including the likes of software services such as Slack, servers, Cloud infrastructure and monitoring tools, to mission objectives. It then provides an analysis of how these cyber assets impact the mission objectives.

Since we’re sure it’s not just JUMO that has a need for this type of mapping and tracking tool, we’ve decided to make the application freely available to all other companies, across the globe, by making it an open-source application. The feedback so far has been really positive. You can access the CJA tool here to identify and protect those crown jewels.”

Live link: https://jumo.world/

We’d love your feedback: security@jumo.world

A security business analyst for a leading cryptocurrency platform in Africa has said that the map has been instrumental for accurately identifying, assessing and mitigating inherent information security risks. The tool is adaptable and provides valuable insight into operational processes that might negatively impact others or an organisation’s overall mission.