The Siege of the Iron Vault
Physical Security Breach at Data Centre
The Iron Vault — your realm's most fortified stronghold, where the ledgers of every noble house and merchant guild are kept under lock, ward, and watchful eye — has been breached. In the dead of night, unknown intruders penetrated its outer defences and gained entry to the inner sanctum. The wards have been disturbed, the sentries deceived, and the full extent of the plunder remains unknown. Rally your council and defend what remains before the enemy strikes again.
Compliance Frameworks
🛡️ Roles & Party Members
Warden of the Iron Vault Required
Incident CommanderLeads the response team, coordinates containment and escalation decisions across physical and cyber domains
Gate Captain Required
Facilities / Physical Security ManagerManages physical access controls, CCTV review, and coordinates with building management and security contractors
Arcane Engineer Required
IT Operations LeadAssesses impact to IT infrastructure housed in the data centre, reviews system integrity and access logs
Keeper of the Codex Required
Compliance / DPOAssesses regulatory notification obligations arising from potential data exposure due to physical compromise
Loremaster Optional
Legal CounselAdvises on law enforcement engagement, evidence preservation, insurance claims, and liability
High Council Elder Optional
Senior ManagementProvides executive decision authority, manages board and regulator communications
Herald of the Realm Optional
Client RelationsManages client communication if data exposure or service disruption affects private banking clients
⚡ Inject Timeline
The Broken Ward — Breach Detection
T+0 MinutesIt is 06:14 UTC on a Monday morning. The outsourced security guard conducting the overnight patrol of the bank's Tier III data centre discovers that the rear fire-escape door on the ground floor is aj...
Mapping the Shadows — Scope Assessment
T+15 MinutesThe initial physical inspection is complete and the server room has been sealed as a potential crime scene. The IT Operations team has begun a remote integrity check of all systems hosted in Room 101....
Summoning the Watch — Law Enforcement and Regulatory Engagement
T+30 MinutesThe Incident Commander has escalated the incident to P1. Law enforcement has been contacted and a detective from the local police Cyber Crime Unit is en route to the data centre. The detective has req...
Rebuilding the Fortress — Recovery and Remediation
T+45 MinutesLaw enforcement forensic examination of the server room is complete. The police have collected physical evidence including fingerprints, fibre samples, and the repositioned CCTV camera. The bank now h...
📋 Debrief Questions
Post-Battle Assessment
- Were physical access controls at the data centre adequate, and what specific failures enabled the breach?
- Was the incident detected in a timely manner, or were there unacceptable gaps between the breach occurring and its discovery?
- How effectively did the team balance the competing priorities of evidence preservation, operational continuity, and law enforcement cooperation?
- Were regulatory notification obligations (GDPR, FCA, PCI-DSS) understood and executed within required timelines?
- What improvements to physical security monitoring — CCTV, tamper detection, badge anti-cloning, USB port controls — should be prioritised?
- How should the bank's classification of 'air-gapped' infrastructure be reviewed in light of this incident?
- Was the client communication strategy appropriate for the UHNW demographic, and how could it be improved?
- What changes to third-party security guard contracts and oversight are needed to prevent recurrence?