Class Hub – Choose Your Path to Compliance

"Already know your role? Jump straight into the quests that match your responsibilities and domain."
Welcome to your role-based command center. Whether you're the only security lead at a scrappy startup or a GRC specialist at a scaling company, this hub lets you filter the noise and focus on the tasks that match your strengths and duties.

🧩 Class Overview Table

A quick breakdown of each class’s domain expertise and relevant framework anchors:
| Class | Primary Focus Areas | Framework Relevance |
| --- | --- | --- |
| 🧙 Policy Mage | Policy & Governance, Compliance Frameworks | SOC 2 §1, ISO 27001: A.5 |
| 🛡️ Risk Barbarian | Risk Management | SOC 2 §1, ISO 27005, NIST RMF |
| 🏹 IAM Ranger | Access Control | SOC 2 §2, ISO A.9, NIST AC-2 |
| 🧝 IR Paladin | Incident Response, Business Continuity / DR | SOC 2 §5, ISO A.16 |
| 📜 Audit Bard | Audit & Evidence | All frameworks require you 😅 |
| 🧑‍🌾 Asset Druid | Asset Management | ISO A.8, NIST CM-8 |
| 🐍 Vendor Rogue | Third-Party/Vendor Risk | ISO A.15, NIST SC-30 |
| 🔮 Awareness Sorcerer | Security Awareness | SOC 2 §1, ISO A.7 |
| 👁️ Logging Watcher | Monitoring & Logging | ISO A.12.4, SOC 2 §5 |
| 🧰 Techsmith | Vulnerability Management, Hardening | NIST CM-6, ISO A.14 |
| 🦉 Lorekeeper | Documentation & Knowledge | Every framework, every time |
| 🧾 Contract Scribe (NEW) | Legal Reviews, DPAs, NDAs | GDPR, ISO A.15, SOC 2 contracts |
| 🧙‍♂️ Compliance Wizard (NEW) | Framework Mapping & Strategy | SOC 2, ISO 27001, HIPAA |

🧭 Filtered Class Quest Boards

Jump directly into the quests for your role:
🧙 Policy Mage
🛡️ Risk Barbarian
🏹 IAM Ranger
🧝 IR Paladin
📜 Audit Bard
🧑‍🌾 Asset Druid
🐍 Vendor Rogue
🔮 Awareness Sorcerer
👁️ Logging Watcher
🧰 Techsmith
🦉 Lorekeeper
🧙‍♂️ Compliance Wizard
🧾 Contract Scribe
Class Quest Boards

| Status | Quest Name | Description | Dungeon Level | Assigned Class | Control Area | Framework Tags | Assigned To | Completion Date | Complete? | Quest Type | XP Value | XP Earned |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
|  | Send a Fun Security Reminder to Your Team | Share a meme or tip about phishing, MFA, or passwords in Slack/email. |  |  |  |  |  |  | Complete ✅ |  | 10 | 0 |
|  | Update Your Own Passwords | Walk the talk—rotate your own creds in a secure password manager. |  |  |  |  |  |  | Complete ✅ |  | 10 | 0 |
|  | Review One Outdated Policy | Pick any dusty doc, review it for accuracy, and mark it for future updates. |  |  |  |  |  |  | Complete ✅ |  | 15 | 0 |
|  | Watch a 10-Minute Security Training Video | Stay sharp—watch something relevant from YouTube or a vendor library. |  |  |  |  |  |  | Complete ✅ |  | 10 | 0 |
|  | Log in to Your SIEM or Dashboard (Just to Check) | Visibility matters. Even a casual look helps keep the village safe. |  |  |  |  |  |  | Complete ✅ |  | 10 | 0 |
|  | Identify a Shadow IT Tool | Find something your team is using that isn’t in your asset inventory. |  |  |  |  |  |  | Complete ✅ |  | 15 | 0 |
|  | Add Two New Risks to Your Risk Register | Think creatively: what’s a risk no one’s thought of yet? |  |  |  |  |  |  | Complete ✅ |  | 20 | 0 |
|  | Share an Awareness Resource Internally | Post a checklist, blog, or infographic that helps others get smarter. |  |  |  |  |  |  | Complete ✅ |  | 15 | 0 |
|  | Host a “Lightning Talk” on a Security Topic | 10-minute meeting or huddle. Get nerdy, be helpful. |  |  |  |  |  |  | Complete ✅ |  | 25 | 0 |
|  | Create a Personal Security Cheatsheet | Draft a 1-pager with your own security best practices, bookmarks, or tools. |  |  |  |  |  |  | Complete ✅ |  | 30 | 0 |
|  | Clean Up an Old Shared Drive Folder | Delete/archive that dusty directory no one touches but everyone fears. |  |  |  |  |  |  | Complete ✅ |  | 10 | 0 |
|  | Review MFA Settings for Your Main Accounts | Log into key accounts and verify that MFA is enabled and functioning. |  |  |  |  |  |  | Complete ✅ |  | 20 | 0 |
|  | Test Restoring a File from Backup | Grab a file from backup and walk through the restore process to confirm it's usable. |  |  |  |  |  |  | 🎉 DONE! 🎉 |  | 10 | 10 |
|  | Draft a “Security 101” doc for new hires | Write a simple internal doc or Notion page with onboarding security basics. |  |  |  |  |  |  | 🎉 DONE! 🎉 |  | 45 | 45 |
|  | Draft Acceptable Use Policy | Define the boundaries of technology use across the kingdom. From coffee shop Wi-Fi to forbidden torrent magic, lay the law of the land. |  |  |  |  |  |  | 🎉 DONE! 🎉 |  | 30 | 30 |
|  | Publish Password & Authentication Policy | Craft a sacred scroll that binds all users to secure credentials. Bonus points if it slays the ancient beast known as “Password123.” |  |  |  |  |  |  | 🎉 DONE! 🎉 |  | 30 | 30 |
|  | Create a Security Policy Approval Process | Document the path every new policy must follow to gain the royal seal of approval. Who reviews it? Who signs it? Where is it stored? Without this process, your scrolls of power may never become official doctrine. Establish the ritual. |  |  |  |  |  |  | Complete ✅ |  | 10 | 0 |
|  | Create Remote Work & BYOD Policy | Establish the rules for mages and merchants working from afar, including what personal artifacts (devices) may access the realm. |  |  |  |  |  |  | Complete ✅ |  | 25 | 0 |
|  | Document Data Classification & Handling Policy | Identify the kingdom’s crown jewels—and specify how they're to be guarded, handled, and never left in unlocked carriages (or USBs). |  |  |  |  |  |  | Complete ✅ |  | 40 | 0 |
|  | Define Roles & Responsibilities (RACI) for Security | Clarify who defends what part of the realm. Define the sentinels, scribes, and spellcasters responsible for each control domain. |  |  |  |  |  |  | Complete ✅ |  | 25 | 0 |
|  | Conduct Asset Inventory (Hardware & Software) | Map all magical items and cursed relics (aka devices and applications) under your domain. If it connects, it gets cataloged. |  |  |  |  |  |  | Complete ✅ |  | 40 | 0 |
|  | Draft Data Classification Policy | Define the types of data that flow through your kingdom—public, internal, confidential, restricted—and how each should be handled, protected, and enchanted. This quest ensures every scroll, crystal, and magical message receives the correct level of protection across the realm. |  |  |  |  |  |  | Complete ✅ |  | 15 | 0 |
|  | Create Risk Register with Top 10 Risks | Chronicle the most fearsome threats facing the realm—from phishing banshees to shadow IT spirits—and assign them risk ratings. |  |  |  |  |  |  | Complete ✅ |  | 50 | 0 |
|  | Review Vendor Data Processing Agreement (DPA) | Examine the DPA terms for privacy, security, and compliance obligations. Identify any gaps in vendor alignment with your control environment. |  |  |  |  |  |  | Complete ✅ |  | 10 | 0 |
|  | Run First Risk Assessment Workshop | Gather the Council of Stakeholders to assess and align on top risks. May require coffee and charisma modifiers. |  |  |  |  |  |  | Complete ✅ |  | 60 | 0 |
|  | Tag Crown Jewels (Critical Data/Systems) | Identify the realm’s most precious data vaults and enchanted systems. These require the strongest wards and attention. |  |  |  |  |  |  | 🎉 DONE! 🎉 |  | 30 | 30 |
|  | Define Risk Appetite & Scoring Methodology | Determine how much peril the kingdom is willing to tolerate before raising shields. Standardize how risk is scored across domains. |  |  |  |  |  |  | 🎉 DONE! 🎉 |  | 40 | 40 |
|  | Implement MFA for All Admin Accounts | Enchant all administrative accounts with multi-factor defenses. The stronger the spell, the harder it is for invaders to breach. |  |  |  |  |  |  | 🎉 DONE! 🎉 |  | 50 | 50 |
|  | Review User Roles & Permissions (RBAC) | Ensure each adventurer has only the powers they need. Too much access, and they may accidentally unleash data dragons. |  |  |  |  |  |  | 🎉 DONE! 🎉 |  | 40 | 40 |
|  | Create Access Control Policy | Define the sacred rules of access—who can enter which chamber, and what they may do within. No “Open All Doors” spell allowed. |  |  |  |  |  |  | Complete ✅ |  | 30 | 0 |
|  | Establish Account Termination Process | Build a ritual for revoking access when heroes leave the party (aka employee offboarding). Prevent ghost accounts from lingering. |  |  |  |  |  |  | Complete ✅ |  | 25 | 0 |
|  | Review Privileged Accounts & Add Alerts | Audit the kingdom’s highest-powered accounts and place magical tripwires to detect suspicious activity in real time. |  |  |  |  |  |  | Complete ✅ |  | 45 | 0 |
|  | Write Incident Response Plan | Forge a battle plan for digital war. Who fights, who speaks, and what scrolls must be summoned when an attack strikes. |  |  |  |  |  |  | Complete ✅ |  | 70 | 0 |
|  | Set Up IR Communication Matrix | Define how and to whom alerts are sent during an incident. Build a comms tree worthy of a royal decree. |  |  |  |  |  |  | Complete ✅ |  | 30 | 0 |
|  | Conduct Tabletop Exercise (Simulated Attack) | Simulate a breach scenario. Practice what the team would do if the firewall fell and monsters got in. No actual screaming necessary. |  |  |  |  |  |  | Complete ✅ |  | 80 | 0 |
|  | Document Lessons Learned Playbook | After every battle, there are lessons. Document them, share them, and feed them to the lore library so others may be wiser. |  |  |  |  |  |  | Complete ✅ |  | 40 | 0 |
|  | Write Business Continuity Plan | Craft a sacred scroll outlining how your organization will survive major disruptions—be it dragon fire (natural disaster), warlocks of outage (downtime), or data storms (cyberattacks). The plan should define critical systems, RTOs/RPOs, team responsibilities, and recovery procedures. This is the cornerstone of true operational resilience. |  |  |  |  |  |  | Complete ✅ |  | 20 | 0 |
|  | Review Backup and Recovery Procedures | Summon your system recovery mages and examine the runes they’ve carved into your backup rituals. Is your data being preserved regularly? Can you restore it when calamity strikes? Identify gaps and improvements in your backup strategy—and test your power with a recovery drill. |  |  |  |  |  |  | Complete ✅ |  | 15 | 0 |
|  | Prepare Evidence Folder for SOC 2 or ISO 27001 | Gather your enchanted scrolls, annotated diagrams, and control artifacts into one mighty archive—ready to present to the Auditor Dragon. |  |  |  |  |  |  | Complete ✅ |  | 100 | 0 |
|  | Map Controls to ISO 27001 Annex A | Review existing security controls and formally map them to ISO/IEC 27001 Annex A requirements. Note any deltas for corrective action planning. |  |  |  |  |  |  | Complete ✅ |  | 75 | 0 |
|  | Document Framework Control Mappings | Chart a crosswalk between your security controls and the major frameworks (SOC 2, ISO 27001, NIST CSF, CIS). This master document proves your kingdom’s alignment and serves as the ultimate spellbook when fending off auditor dragons. Clarity here brings victory. |  |  |  |  |  |  | Complete ✅ |  | 25 | 0 |

🎯 Class Essentials – Top Quests to Start With

| Class | Starter Quests | XP |
| --- | --- | --- |
| 🧙 Policy Mage | Draft Acceptable Use Policy | 15 |
| 🧑‍🌾 Asset Druid | Create Asset Inventory | 10 |
| 🧝 IR Paladin | Write Basic Incident Response Plan | 20 |
| 🔮 Awareness Sorcerer | Run Phishing Simulation | 10 |
| 🧾 Contract Scribe | Review Top 3 Vendor DPAs | 10 |

Use these if you're unsure where to begin or need a fast win.

💡 Why Your Class Matters

Your role isn’t just a label—it reflects a crucial pillar in the compliance structure.

| Class | Why This Role is Critical |
| --- | --- |
| 🛡️ Risk Barbarian | If you don’t define risks, you're guessing. That’s dangerous. |
| 📜 Audit Bard | Without evidence, it’s just a story—not a system. |
| 🧰 Techsmith | You prevent breaches before they need investigating. |
| 🐍 Vendor Rogue | Supply chain risk is the silent killer of modern compliance. |
| 🧙‍♂️ Compliance Wizard | You ensure the entire dungeon operates under the same spellbook. |