Badge Assessment Checklists
This appendix provides specific, measurable criteria for earning Security Domain Badges and clear checklists for players to track their progress.
Badge Tracking System
Clear Tracking Responsibilities
Player Responsibilities:
- Use the checklists below to track your own progress
- Check off criteria immediately when you demonstrate them in sessions
- Keep your checklist with you during every session
- Request IM validation at the end of sessions (not during active gameplay)
- Submit completed checklists to the IM for final badge award

IM Responsibilities:
- Observe and note when players demonstrate specific criteria during sessions
- Validate completed criteria at session end using observable evidence
- Sign off only on criteria that were genuinely demonstrated with clear knowledge
- Award badges when ALL criteria are validated complete
- Announce badge achievements to encourage others
Step-by-Step Badge Earning Process
During Sessions:
1. Player: Bring checklist to every session
2. Player: Check off criteria as you demonstrate them in real time
3. IM: Make notes about player demonstrations during gameplay

At Session End:
4. Player: Ask IM to validate any newly completed criteria
5. IM: Review demonstrations and sign off on genuinely completed items
6. Both: Discuss progress and plan focus areas for next sessions

When All Criteria Complete:
7. Player: Submit completed checklist to IM for final review
8. IM: Verify all criteria with signatures and award badge
9. IM: Present badge certificate and announce to community
🌐 Network Security Badge Checklist
“Guardian of Digital Highways”
Required Criteria (All Must Be Completed)
Worm Containment Expertise (5 Required):
- [ ] Containment 1: Demonstrated network segmentation by explaining specific VLAN isolation or firewall rules to contain Worm spread, with IM observing accurate technical steps
- [ ] Containment 2: Identified and blocked specific C2 communication by naming exact IPs, domains, or protocols, resulting in successful threat communication disruption
- [ ] Containment 3: Prevented lateral movement by implementing specific access controls (named user accounts, system permissions, or network ACLs) that stopped Worm spread
- [ ] Containment 4: Led team coordination where you directed at least 2 other roles in simultaneous system isolation, resulting in successful multi-system containment
- [ ] Containment 5: Under time pressure (active Worm spreading scenario), implemented emergency network partitioning using specific tools or procedures within 2 rounds

Technical Proficiency Demonstrations:
- [ ] Traffic Analysis: Examined actual network logs/data and correctly identified at least 3 specific indicators of malicious activity (unusual ports, suspicious IPs, abnormal traffic volumes)
- [ ] Protocol Understanding: Accurately explained how a specific network protocol (HTTP, DNS, SMB, etc.) was being exploited, including technical details observed by IM
- [ ] Tool Proficiency: Named and correctly described using specific network monitoring tools (Wireshark, SIEM platforms, etc.) appropriate for the threat scenario
- [ ] Architecture Knowledge: Drew or described network topology showing how the threat spreads and where containment points should be placed, with technical accuracy

Response Coordination:
- [ ] Team Leadership: Successfully directed at least 3 other players in coordinated network response actions, with clear role assignments and a successful outcome
- [ ] Stakeholder Communication: Explained the network security situation in business terms to a simulated executive/user, avoiding technical jargon while maintaining accuracy
- [ ] Documentation: Verbally provided or wrote a clear incident summary including: what happened, how it was contained, and what network changes were made

Improvement Contribution:
- [ ] Lessons Learned: Provided at least 2 specific, implementable recommendations for preventing similar network attacks, based on the session scenario
- [ ] Process Enhancement: Suggested specific procedural improvements to network response, explaining exactly what should change and why
IM Validation Requirements: IM must observe genuine demonstration of each criterion during gameplay, not just discussion. Sign only when player shows clear technical knowledge and successful execution.
IM Validation Signature: _________________ Date: _________ Badge Awarded: ☐ Yes ☐ Not Yet (explain): _______________________
💻 Endpoint Security Badge Checklist
“Protector of Digital Workstations”
Required Criteria (All Must Be Completed)
Malware Containment Expertise (5 Required):
- [ ] Containment 1: Successfully contained a Trojan-type Malmon on an infected endpoint
- [ ] Containment 2: Removed a Rootkit-type threat using appropriate tools and techniques
- [ ] Containment 3: Prevented malware execution through behavioral blocking
- [ ] Containment 4: Coordinated system isolation during an active compromise
- [ ] Containment 5: Led recovery efforts for a severely compromised endpoint

Analysis and Investigation:
- [ ] Behavioral Analysis: Identified malicious behavior patterns in system activity
- [ ] Artifact Examination: Analyzed malware artifacts to understand capabilities
- [ ] Timeline Construction: Built an accurate timeline of the endpoint compromise
- [ ] Impact Assessment: Determined scope of compromise and data at risk

System Hardening and Recovery:
- [ ] Recovery Leadership: Successfully led complete system recovery and hardening
- [ ] Prevention Strategy: Implemented specific controls to prevent reinfection
- [ ] Configuration Management: Applied appropriate security configurations post-incident

Knowledge Demonstration:
- [ ] Tool Mastery: Demonstrated competent use of endpoint protection platforms
- [ ] Process Understanding: Explained endpoint incident response procedures clearly
IM Validation Requirements: IM must observe genuine demonstration of each criterion during gameplay, not just discussion. Sign only when player shows clear technical knowledge and successful execution.
IM Validation Signature: _________________ Date: _________ Badge Awarded: ☐ Yes ☐ Not Yet (explain): _______________________
🗄️ Data Protection Badge Checklist
“Guardian of Digital Assets”
Required Criteria (All Must Be Completed)
Data Threat Response (5 Required):
- [ ] Response 1: Successfully prevented data exfiltration during a Ransomware attack
- [ ] Response 2: Contained an Infostealer-type Malmon before significant data loss
- [ ] Response 3: Implemented emergency data protection during an active breach
- [ ] Response 4: Led data recovery efforts using backup systems
- [ ] Response 5: Coordinated data breach response including notification procedures

Technical Implementation:
- [ ] Backup Strategy: Demonstrated effective backup and recovery strategy deployment
- [ ] Encryption Application: Applied appropriate encryption to protect data at risk
- [ ] Access Controls: Implemented data access restrictions during incident response
- [ ] DLP Techniques: Used data loss prevention techniques to limit exposure

Compliance and Governance:
- [ ] Breach Response: Led a data breach investigation following established procedures
- [ ] Notification Management: Managed appropriate stakeholder notifications for data incidents
- [ ] Documentation: Created comprehensive data incident documentation for compliance

Risk Assessment:
- [ ] Impact Analysis: Accurately assessed the potential impact of a data compromise
- [ ] Classification Understanding: Demonstrated understanding of data classification principles
IM Validation Requirements: IM must observe genuine demonstration of each criterion during gameplay, not just discussion. Sign only when player shows clear technical knowledge and successful execution.
IM Validation Signature: _________________ Date: _________ Badge Awarded: ☐ Yes ☐ Not Yet (explain): _______________________
👤 Human Factor Security Badge Checklist
“Defender Against Social Engineering”
Required Criteria (All Must Be Completed)
Social Engineering Defense (5 Required):
- [ ] Defense 1: Identified and countered a phishing attack targeting the organization
- [ ] Defense 2: Prevented a social engineering attempt through user education
- [ ] Defense 3: Responded effectively to a pretexting or impersonation attack
- [ ] Defense 4: Led response to a business email compromise attempt
- [ ] Defense 5: Coordinated organization-wide response to a social engineering campaign

Education and Awareness:
- [ ] Training Development: Created or contributed to security awareness training materials
- [ ] User Engagement: Successfully educated users about social engineering threats
- [ ] Behavioral Change: Demonstrated measurable improvement in user security behavior

Communication Excellence:
- [ ] Crisis Communication: Managed clear communication during a social engineering incident
- [ ] Stakeholder Management: Effectively coordinated with executives during human factor incidents
- [ ] User Support: Provided a supportive, educational response to victimized users

Risk Assessment:
- [ ] Vulnerability Analysis: Assessed human factor vulnerabilities in the organizational context
- [ ] Program Development: Contributed to the development of a security awareness program
IM Validation Requirements: IM must observe genuine demonstration of each criterion during gameplay, not just discussion. Sign only when player shows clear technical knowledge and successful execution.
IM Validation Signature: _________________ Date: _________ Badge Awarded: ☐ Yes ☐ Not Yet (explain): _______________________
🏭 Critical Infrastructure Security Badge Checklist
“Protector of Essential Systems”
Required Criteria (All Must Be Completed)
Infrastructure Threat Response (3 Required):
- [ ] Response 1: Successfully defended against a threat targeting industrial control systems
- [ ] Response 2: Managed an incident affecting an operational technology (OT) environment
- [ ] Response 3: Coordinated a response involving both IT and OT systems

Technical Understanding:
- [ ] OT Security Principles: Demonstrated understanding of operational technology security requirements
- [ ] IT/OT Integration: Explained the security implications of IT/OT convergence
- [ ] Control System Knowledge: Showed familiarity with ICS/SCADA security concerns

Business Continuity:
- [ ] Continuity Planning: Contributed to business continuity and disaster recovery planning
- [ ] Operational Impact: Assessed the operational impact of security incidents on critical processes
- [ ] Recovery Strategy: Developed or implemented recovery strategies for critical infrastructure

Coordination and Leadership:
- [ ] Cross-Team Coordination: Successfully coordinated between IT and OT security teams
- [ ] Stakeholder Management: Managed communications with operational and executive stakeholders
IM Validation Signature: _________________ Date: _________
🏛️ Governance and Compliance Badge Checklist
“Navigator of Regulatory Requirements”
Required Criteria (All Must Be Completed)
Compliance Management (5 Required):
- [ ] Management 1: Successfully managed the compliance aspects of a GDPR-relevant security incident
- [ ] Management 2: Handled regulatory reporting requirements during a security incident
- [ ] Management 3: Managed compliance documentation for industry-specific regulations
- [ ] Management 4: Coordinated legal and compliance teams during a security incident
- [ ] Management 5: Led the regulatory notification process during a significant security event

Framework Understanding:
- [ ] Regulatory Knowledge: Demonstrated understanding of relevant regulatory frameworks
- [ ] Risk Framework Application: Applied risk management frameworks to security incidents
- [ ] Policy Development: Contributed to security governance policy development

Documentation and Reporting:
- [ ] Incident Documentation: Created comprehensive compliance-focused incident documentation
- [ ] Regulatory Reporting: Completed accurate regulatory incident reporting
- [ ] Risk Assessment: Conducted and documented regulatory risk assessments

Program Development:
- [ ] Governance Contribution: Contributed to the development of security governance programs
- [ ] Compliance Integration: Integrated compliance requirements into security response procedures
IM Validation Requirements: IM must observe genuine demonstration of each criterion during gameplay, not just discussion. Sign only when player shows clear technical knowledge and successful execution.
IM Validation Signature: _________________ Date: _________ Badge Awarded: ☐ Yes ☐ Not Yet (explain): _______________________
Badge Award Process
For Players:
- Track Progress: Use checklists during sessions to note completed criteria
- Request Validation: Ask IM to validate completed items during or after sessions
- Complete Requirements: Ensure all criteria are checked off and validated
- Badge Request: Request badge award when all criteria are complete
For Incident Masters:
- Observe Performance: Watch for criteria demonstrations during gameplay
- Validate Completion: Sign off on completed criteria when genuinely demonstrated
- Award Badges: Present badges when all criteria are verifiably complete
- Community Recognition: Announce badge achievements to encourage others
Validation Standards:
- Real Demonstration: Criteria must be actually demonstrated, not just discussed
- Context Appropriate: Demonstrations should occur in relevant scenario contexts
- Knowledge-Based: Players should show understanding, not just lucky outcomes
- Collaborative: Recognize both individual contribution and team collaboration
Badge Certificate Template:
MALWARE & MONSTERS SECURITY DOMAIN BADGE
This certifies that
[PLAYER NAME]
has successfully demonstrated mastery of
[BADGE NAME] - [BADGE SUBTITLE]
by completing all required criteria through
collaborative cybersecurity learning sessions.
Awarded on: [DATE]
Validated by: [IM SIGNATURE]
Community: [ORGANIZATION/GROUP]