1
On-demand access, benchmarked results
CAPS is a discussion-based exercise in which organizations walk through a real-world scenario in their own time and respond to a series of questions on how they would respond. The goal of CAPS is to help organizations to create stronger cross-functional relationships, improve incident response plans, and gain a clearer understanding of system vulnerabilities.
The CAPS exercise challenges incident response teams to overcome a simulated attack against a fictional financial services organization. Participants practice mobilizing quickly, working under pressure and recognizing critical intelligence to defend against an attack.
CAPS is available to all members, with three separate versions for Banking, Insurance, and Securities & Investments. Members in Tiers 1-5 receive CAPS as part of annual membership fees. Members in Tiers 6-8 make payment of US$ 175 by card when registering. FS-ISAC reserves the right to decline participation.
Banking FAQ
Insurance FAQ
Securities & Investments FAQ
2
Hands-on keyboard simulation, real-world experience
As new cyber challenges emerge, it is critical for security teams to get hands-on practice at cyber defense. Our cyber range program, powered by Cyberbit, helps our members get real-world experience in responding to new cyber threats while benefiting from the knowledge of industry peers in a secure and trusted environment.
Exercises are structured to provide participants with:
To register:
1. Login via Intelligence Exchange
2. Select the Member Services icon
3. Select the Event/Training tab
4. Select the desired exercise
If you are a member and do not have an Intelligence Exchange account, please contact FS-ISAC Admin.
3
Act out response processes, assess interactions
As part of its continuing support of the sector’s broad preparedness and operational resilience efforts, FS-ISAC’s Steel Resolve exercise provides an environment for participants to act out their policies and procedures in real-time in response to a large-scale attack on a global financial institution.
Steel Resolve is a significant step in the sector’s ability to observe and assess incident response capabilities at the firm level, the interaction between firms, and the public-private partnership activities.
Through this exercise we identify opportunities to improve information sharing and sector coordination across FS-ISAC committees. These recommendations get incorporated into FS-ISAC’s playbook to improve its ability to support the incident management process.
4
Strategic discussions on a wide range of scenarios
London FinCyber UK: Focused on improving operational resilience in the EMEA region by exploring a significant disruption to the operational capability of a section of the financial sector.
Post-Quantum Computing: Focused on developing incident response strategies for post-quantum computing and its implementation throughout the financial sector.
Sheltered Harbor: Tests current Sheltered Harbor incident response frameworks and advances ongoing collaboration for future improvement to policies and procedures.
MRT & Communications: Tests the current response framework of FS-ISAC’s Media Response Team during an incident and focuses on improving communications outcomes.
FS-ISAC partners with the Financial Services Sector Coordinating Council (FSSCC), US Treasury Department and other US government agencies including law enforcement to develop these one-day exercises aimed at improving the cyber threat response within the US financial sector.
Simulations mimic a variety of attacks. Participants include members of both the public and private sectors, so that results can be formed into improved public/private coordination strategies.
Insider Threat: Tests organizational and sector response frameworks to an insider threat in order to understand and improve current policies and procedures.
Incident Comms & Messaging: Advances public-private strategic communications and messaging and ongoing collaboration with public affairs offices to continuously improve tailored messaging in response to an incident.
*Hamilton exercises are specific to US-based financial institutions
5
International in scope, collaborative in practice
Tri-Sector: Tests the Tri-Sector Playbook created with the energy and telecommunications sectors to unearth potential improvements to the framework.
Locked Shields: An international, operations-based exercise organized by NATO’s CCDCOE, enabling cybersecurity experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks, as well as testing strategic level response. See more here.
CyberStorm: An operations-based exercise hosted by the US CISA, designed to bring together the public and private sectors to simulate discovery of and response to a significant cyber incident impacting the United States’ critical infrastructure.
National Level Exercise: Run by the US’ FEMA, NLEs provide the opportunity for all levels of government, the private sector, nongovernmental organizations, and community groups to test operational capabilities, evaluate policies and plans, familiarize personnel with roles and responsibilities, and foster meaningful interaction and communication across the country.
GridEx: A biennial exercise hosted by North American Electric Reliability Corporation’s (NERC) E-ISAC, GridEx gives E-ISAC member and partner organizations a forum to practice response to and recovery from coordinated cyber and physical security threats and incidents.
Follow Us
