Presented at ColaSEC on Feb 15th 2022 by Mackenize Morris

Presentation Synopsis: Risk Management is one of the most difficult aspects of industrial cyber security. The variables that contribute to calculating risk can be hard to quantify and fully understand. The Crown Jewel Analysis (CJA) is a tool for key stakeholders to assess their organization’s environment from an interdependency and impact perspective; however, it can be extended to include threat mapping in order to build a threat profile for the organization. Following the CJA and understanding each tranche and associated attributes from an adversary point of view is necessary for prioritizing and aligning required resources to prevent and mitigate potential attacks. To enable critical infrastructure defenders, there must be a framework in place for the ingestion of threat intelligence and corresponding critical functions/components of the organization. This mapping enables organizations to improve their security programs.