Back to Quest Board
🟠

The Traitor Within the Keep

Insider Threat — Privileged Data Theft
P2 — High

A trusted member of your inner council has turned traitor. Under cover of darkness, they have plundered the realm's most sacred records — the identities and fortunes of your most powerful patrons. As the treachery unravels, the conspiracy may reach higher than anyone expected.

60 minutes
DC 13
3 Injects
4–12 Players

Compliance Frameworks

NIST CSF PR.AC ISO 27001 A.9 SM&CR FCA COCON

🛡️ Roles & Party Members

War Chief Required
Incident Commander

Leads the response team, makes containment and escalation decisions

Arcane Engineer Required
IT Operations Lead

Provides technical context, reviews access logs, proposes containment

Keeper of the Codex Required
Compliance / DPO

Assesses regulatory notification obligations, advises on data breach classification

Loremaster Required
Legal Counsel

Advises on employment law, evidence preservation, potential prosecution

Guild Master Optional
HR Representative

Manages employee handling, disciplinary procedures, interview coordination

High Council Elder Optional
Senior Management

Provides executive decision authority, manages SM&CR implications

Herald of the Realm Optional
Client Relations

Manages client communication if notification is required

⚡ Inject Timeline

1
Anomalous Activity Detected — The First Whisper
T+0 Minutes

The Data Loss Prevention (DLP) system has generated an alert. A senior portfolio analyst with privileged access to the Client Relationship Management (CRM) system has downloaded an unusually large dat...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
2
Investigation Findings — The Plot Thickens
T+20 Minutes

A covert review of the analyst's email (authorised by Legal and the DPO under the bank's Acceptable Use Policy) reveals the following: The analyst sent an encrypted ZIP file to a personal email addre...

6 Discussion Prompts 1 Dice Events 4 Possible Complications
3
Complications — The Conspiracy Deepens
T+35 Minutes

During a discreet meeting with HR and Legal, the analyst becomes confrontational and claims they were acting on verbal instructions from their line manager (a Managing Director) to prepare a 'client t...

6 Discussion Prompts 1 Dice Events 4 Possible Complications

📋 Debrief Questions

Post-Battle Assessment
  1. Were DLP controls effective in detecting the data exfiltration?
  2. Was the investigation handled with appropriate legal and HR coordination?
  3. Were evidence preservation procedures adequate?
  4. Were regulatory notification obligations understood?
  5. How should privileged access controls be improved?
  6. What training or awareness measures should be implemented?