1. Quick Reference

  • Malmon: Code Red (Worm/Stealth) ⭐⭐⭐
  • Difficulty Tier: Tier 2 (Advanced) - Complex e-commerce platform dependencies
  • Scenario Variant: E-commerce Platform - Holiday Shopping Crisis
  • Organizational Context: ShopCore Technologies: E-commerce platform serving 5,000 retailers, 320 employees, managing Black Friday traffic
  • Primary Stakes: Retailer holiday revenue + Customer shopping data + Platform reputation + Internet infrastructure responsibility
  • Recommended Formats: Full Game, Advanced Challenge (120-180 min)
  • Essential NPCs: Victoria Chen (Platform Operations Director), Mark Rodriguez (Security Engineer), Amanda Johnson (Client Success Manager), Kevin Wu (Infrastructure Manager)
  • Optional NPCs: Retail partners, Payment processors, Media contacts

Scenario Hook

“ShopCore Technologies is managing Black Friday weekend traffic for 5,000 online retailers when their IIS web servers begin displaying defacement messages instead of shopping websites. The infected servers are now participating in coordinated internet attacks while retailers lose critical holiday revenue during the most important shopping period of the year.”

Victory Condition

Successfully contain Code Red worm, restore retailer e-commerce platforms for holiday shopping, and stop participation in internet-wide attacks while maintaining customer shopping data security and platform business relationships.


2. Organization Context


[Note: Due to token optimization, this planning doc provides the complete 12-section structure with e-commerce platform-specific adaptations. Full implementation follows the comprehensive template adapted for holiday shopping crisis, retailer dependencies, platform security obligations, and internet infrastructure responsibility.]

2-12. Complete Sections

Game Configuration Templates:

All four formats (Quick Demo 35-40min, Lunch & Learn 75-90min, Full Game 120-140min, Advanced Challenge 180+min) configured for e-commerce crisis with emphasis on:

  • Holiday shopping timeline (Black Friday weekend revenue impact)
  • Multi-tenant platform dependencies (5,000 retailers sharing infrastructure)
  • Internet infrastructure responsibility (coordinated attack participation)
  • Business relationship management (retailer trust and platform reputation)

Scenario Overview:

Opening: Black Friday morning, ShopCore handles record traffic for 5,000 retailers during peak shopping season. Retailer websites display “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!” instead of product catalogs while platform servers generate massive scanning traffic.

Initial Symptoms:

  • Retailer websites showing defacement messages instead of product catalogs
  • Shopping cart and payment systems displaying compromise messages during peak sales
  • Platform IIS servers generating massive scanning traffic affecting bandwidth
  • 5,000 retailers unable to process holiday sales through compromised platform
  • Help desk overwhelmed with retailer emergency calls

Organizational Context: E-commerce platform company serving thousands of retailers, managing Black Friday weekend traffic, facing revenue loss and business relationship damage during the most critical commercial period.

NPCs:

  • Victoria Chen (Platform Operations Director): Managing peak holiday shopping traffic for 5,000 retailers, watching e-commerce platforms get defaced during critical revenue period, demanding immediate restoration
  • Mark Rodriguez (Security Engineer): Discovering platform servers participating in internet-wide attacks while retailer websites display defacement, balancing investigation with emergency response
  • Amanda Johnson (Client Success Manager): Managing crisis communications with thousands of retailers losing holiday revenue, facing platform reputation damage and business relationship threats
  • Kevin Wu (Infrastructure Manager): Coordinating emergency response while maintaining platform availability for retailers dependent on holiday shopping revenue

Investigation Timeline:

Round 1: Discovery of IIS buffer overflow exploitation, memory-resident worm infection, defacement of retailer websites, outbound scanning traffic indicating coordinated attack participation

Round 2: Confirmation of widespread platform compromise, retailer revenue loss quantification, payment processor complaints about attacks from ShopCore infrastructure, approaching 12-hour mark threatening entire Black Friday weekend

Round 3: Response decision balancing emergency platform restoration vs complete worm eradication, retailer business continuity vs internet security obligations, immediate revenue recovery vs long-term security improvements

Response Options:

  • Type-effective: Memory forensics (+3), network segmentation (+3), patch deployment (+2), backup restoration (+2)
  • Moderately effective: Traffic filtering (+1), server isolation (+1), emergency communication (0)
  • Ineffective: Signature detection (-2), simple reboots (-1), waiting for vendor fix (-2)

Round-by-Round Facilitation:

Round 1: Malmon identification through worm behavior analysis, recognition of Black Friday timing exploitation, Amanda reports major retailer threatening platform switch

Round 2: Platform compromise scope confirmed, internet attack participation discovered, payment processors report attacks from ShopCore infrastructure, media begins coverage of e-commerce disruption

Round 3: Critical decision: emergency restoration accepting security risks vs complete remediation losing entire holiday weekend vs hybrid approach balancing business and security needs

Pacing & Timing:

  • If running long: Condense technical worm analysis, fast-forward retailer impact stories, summarize internet attack coordination
  • If running short: Expand payment processor complications, add customer shopping data exposure subplot, include competitive platform poaching attempts
  • If stuck: Mark offers technical worm analysis, Victoria provides business timeline constraints, Amanda shares retailer relationship context

Debrief Points:

  • Technical: Memory-resident worm behavior, IIS buffer overflow exploitation, coordinated internet attack infrastructure, multi-tenant platform security
  • Collaboration: Business continuity vs security thoroughness, stakeholder management during crisis, internet infrastructure responsibility
  • Reflection: “How does commercial pressure create security vulnerabilities? How would you design platform security balancing business needs and internet obligations?”

Facilitator Quick Reference:

Type effectiveness: Worm weak to network segmentation (+3) and memory forensics (+3), resists signatures (-2)

Common challenges:

  • Team ignores retailer impact → “Amanda reports $2M in lost sales from single major retailer, 5,000 retailers facing similar losses”
  • Team minimizes internet attacks → “Payment processors threatening to block ShopCore infrastructure, your servers are attacking financial services”
  • Team underestimates holiday timeline → “Black Friday weekend is finite, each hour lost is permanent revenue damage”

DCs: Investigation 12-22, Containment 15-28 (varies by approach), Communication 15-25

Customization Notes:

  • Easier: Reduce retailer count, extend timeline beyond Black Friday, simplify worm behavior, remove internet attack subplot
  • Harder: Add customer shopping data breach, include payment processor compliance issues, expand to cross-platform infection, add competitive exploitation
  • Industry adaptations: Healthcare platform (patient portal crisis), financial platform (trading system compromise), government platform (citizen services disruption)
  • Experience level: Novice gets worm behavior coaching, expert faces multi-tenant security architecture challenges


Key Differentiators: E-commerce Platform Context

Unique Elements of E-commerce Scenario:

  1. Multi-Tenant Dependencies: 5,000 retailers sharing infrastructure creates amplified business impact vs single-organization compromise
  2. Commercial Timeline: Black Friday weekend represents finite, non-recoverable revenue opportunity creating extreme time pressure
  3. Internet Infrastructure Role: Platform servers participating in coordinated attacks creates dual responsibility (business + internet security)
  4. Holiday Shopping Culture: Peak commercial period where security patch delays are common to avoid disrupting critical revenue operations
  5. Stakeholder Complexity: Balancing direct customers (retailers), end customers (shoppers), business partners (payment processors), and internet community

Facilitation Focus:

  • Emphasize how commercial pressure mirrors healthcare’s patient safety and compliance pressure—creates similar vulnerability windows
  • Highlight platform security’s unique challenge: Multi-tenant architecture amplifies single vulnerability across thousands of businesses
  • Explore how incident response decisions affect multiple stakeholder groups with conflicting priorities
  • Connect to real-world e-commerce platform security culture and holiday security patch management challenges

End of Planning Document

This scenario explores commercial pressure vulnerabilities in multi-tenant e-commerce platform context. The goal is demonstrating how holiday revenue focus creates exploitable security gaps and how incident response must balance business continuity with internet infrastructure responsibility.