| Category |
Points |
What earns full credit |
Common deductions |
| Deception Design |
/ 25 |
- Includes 3+ deception techniques that reliably mislead players.
- At least 1 deception technique uses environmental cues (lighting, decoration, texture, symmetry).
- Deception is intentional (not random) and supports protecting the secure room.
|
- -5 to -10: Only 1–2 deception techniques
- -5: Deception is obvious/predictable
- -5: Deception doesn’t connect to protecting the vault
|
| Access Control |
/ 25 |
- Includes 2+ access control mechanisms (locks, keys, redstone checks, two-step/MFA).
- At least 1 control is layered (requires more than one condition).
- Controls function correctly (authorized users can pass; intruders are delayed/blocked).
|
- -5 to -10: Only 1 access control mechanism
- -5: Controls don’t work or are easily bypassed
- -5: No layering (single lock only)
|
| Maze Design & Playability |
/ 20 |
- Maze has a clear structure (paths, intersections, dead ends, loops).
- Solvable without frustration; legit user can complete in ~3 minutes.
- Maze difficulty comes from design, not unfair traps.
|
- -5: Too short / trivial (no real choices)
- -5: Too confusing / impossible / unfair traps
- -5: No clear secure objective or layout is random
|
| Cyber Connection |
/ 15 |
- Student clearly maps features to cybersecurity concepts.
- Uses correct terms (deception, honeypot/decoy, authentication, authorization, MFA, layered defense).
- Explains how the design guides/delays/confuses an intruder.
|
- -5: Vague “security” explanation
- -5: Incorrect use of terms
- -5: No real-world parallel examples
|
| Reflection Response |
/ 15 |
- Answers all reflection questions with specific examples from the maze.
- Identifies what fooled attackers and what controls slowed them down.
- Suggests one improvement that would strengthen security without making it impossible.
|
- -5: Incomplete answers
- -5: No examples from their own maze
- -5: No improvement suggestion
|