What is critical information? This is the factual information that an adversary would need in order to degrade services, disrupt operations, and impact the reputation of an organization. This is also commonly referred to in the commercial space as Crown Jewels.

For example:

• Core network infrastructure
• Information security capability
• Business information:
  • Mergers and acquisition
• Business critical applications:
  • Manufacturing applications
  • Enterprise resource management platforms
• Employee information:
  • Identification of system administrators
• Intellectual property:
  • Planning documentation
  • Schematics
  • Blueprints