2016 CAPS Exercises for Regulated Financial Institutions in Asia-Pacific


FS-ISAC 2016 Cyber Attack Against Payment Systems (CAPS)

12-13 October

Participate in a simulated tabletop exercise responding to a cyber attack scenario related to same-day wholesale payment systems. Test your Incident Response preparedness.

Offered exclusively for regulated financial institutions in the Asia-Pacific region

No charge to participate

The Cyber Attack Against Payment Systems (CAPS) is a confidential two-day, tabletop exercise to simulate an attack on payment systems and processes. Formerly named CAPP, this annual exercise was held for European financial institutions for the first time in 2015, and has been held for the past six years for U.S. financial institutions.

2016 CAPS APAC simulates a robust, real-world cyber attack against same-day wholesale payment systems to challenge incident response teams to practice mobilizing quickly, working under pressure, critically apprising information, as it is available, and connecting the cyber dots to defend against the attack. This respected model:

  • Discovers gaps in incident response plans
  • Strengthens incident response team relationships
  • Builds understanding of system vulnerabilities
  • Drives exploration of improvements in response

After your financial institution is registered, your primary contact will receive information on how all of your incident response team members can participate.

  • 12-13 October | Registration deadline 30 September


To register, click here: 



Frequently Asked Questions about CAPS 2016

HOW DOES CAPS WORK? One person registers your company as Primary Contact. They receive pre-CAPS preparation information, Incident Response Meeting files, and supporting materials at their workstation each morning. Your team reviews and discusses the information available each day and answers a set of survey questions. You will not be asked for any confidential or identifying information.

WHAT FINANCIAL INSTITUTIONS CAN PARTICIPATE IN CAPS-APAC? CAPS-APAC is open to all FS-ISAC members and regulated financial institutions in the Asia-Pacific region. It can be a valuable exercise for regulated financial institutions in any Asia-Pacific country.

HOW DOES OUR PRIMARY CONTACT KNOW WHAT TO DO? Your primary contact will be sent a pre-CAPS package with all the details, help-line phone number, email contact, and other helpful hints to prepare him/herself, the team, and your company.

HOW MUCH TIME DOES CAPS TAKE? On average, teams work together for about an hour each day of the exercise. WHAT IS THE REGISTRATION COST? There is no cost for regulated financial institutions to participate.

WHAT IS THE REGISTRATION COST? There is no cost for regulated financial institutions to participate. 

IS THIS A VULNERABILITY TEST OF OUR SYSTEM? No. CAPS is a tabletop, simulated exercise. Participating in CAPS will allow you to privately assess your systems and response plans.

WHO SHOULD BE INVOLVED? Typically, the incident response team includes Operations, IT, Risk, Legal, Customer Service, and Communications. Some organizations invite others, such as an executive manager to participate in or observe during the exercise.

WHAT ABOUT THE SURVEY? Survey answers are private and submitted anonymously. Responses are analyzed to produce an overall picture of how financial institutions are responding to cyber attacks and best practices generally emerge. Most organizations use the survey internally to assess and improve their response.

WHAT IS THE AFTER-ACTION? A results WebEx for all participants will be hosted by FS-ISAC in mid November.

HOW WILL THE RESULTS BE MEANINGFUL FOR MY FINANCIAL INSTITUTION? The surveys are completed anonymously, however some general demographic questions such as asset size, country code, and industry focus helps compile a useful benchmark-type report that most financial institutions should find helpful.

WHO CAN I CONTACT IF I HAVE SPECIFIC QUESTIONS? Contact CAPS-APAC@fsisac.com. For specific questions not addressed here or in the supporting materials, contact John Salomon at +61 (0) 3 9699 3397 or jsalomon@fsisac.com or Robert Poh at +65 90226922 or rpoh@fsisac.com