Crown Jewels Risk Assessment

Identify your mission-critical information assets and assess adversarial threats to them with a Crown Jewels Assessment.

The most valuable data, intellectual property and trade secrets that form the heart of an organisation’s identity are commonly referred to as its Crown Jewels. For most organisations, up to 2% of total sensitive data constitutes intellectual property, and other enterprise-critical data represents an estimated 70% of the value of publicly traded corporations.

A crown jewels assessment relies on data asset classification to identify the most valuable data and along with risk analysis, helps organisations prioritise security efforts and align security investment accordingly. In an age of persistent targeted cyber attacks, a company’s crown jewels have never been more vulnerable. The theft, misuse or corruption of these critical assets can cripple operations, severely damage brand reputation, and dramatically reduce shareholder value.


Assessing Risk

The Acora Crown Jewels Assessment was developed primarily to help organisations analyse and identify the cyber assets that are most critical to a business. The assessment identifies the assets that demand the most protection and establishes why continuous evaluation in the face of changes to the business and threat landscape.

Define – Determine the data protection objectives and develop an organisational data model.

Discover – Understand the data lifecycle/ environment and identify areas of critical data storage, traffic, access.

Baseline – Establish baseline requirements and assess current controls to identify gaps and determine solutions.

Secure – Plan and prioritise technical and business process transformations. Design & implement solutions that protect critical data and align with or enable business growth objectives.

Monitor – Determine metrics and processes for monitoring, response, and communications, and continually revalidate and improve program effectiveness.

Risk Assessment Aims


  • How is critical data used in the business and by whom?
  • What business processes rely on it?
  • What is the acceptable level of risk?
  • What happens when our critical data is shared outside the enterprise?