Pervasive vulnerabilities and cyber attacks are a serious source of risk for today’s enterprise. Security breaches, system compromises, and other cybersecurity issues are common and can be severe. FS-ISAC CAPS enables you to put into practice your processes, plans, and resources in response to a cyberbreach. You assess your exercise experience and preparedness while receiving insights on best practices and readiness at your organization and across the financial services industry. Regulators recommend participating in cyber threat exercises like CAPS to support an organization’s resilience, testing, and training.

All FS-ISAC members in the insurance industry.

You designate one person as the primary contact to register your company and coordinate the exercise internally. Your primary contact receives all communications about the exercise, including the FS-ISAC CAPS Pre-Exercise Guide, to help prepare for the exercise by accessing a private Channel in FS-ISAC CONNECT. Prior to the exercise, your Coordinator, who registered for the exercise, accesses instructions, materials, and links to lead the exercise. From your own premises, and on your own schedule, your team reviews and discusses the information available and confidentially answers a set of self-assessment survey questions; you submit the single compiled survey to an Alchemer link.

At your premises, virtually, with our materials, your staff, and your timing. 

On average, teams work together for a few hours for each part of the exercise.

Your team may undertake the exercise during CAPS season on any day(s) and time(s) on your own schedule between 2 September and 17 October. You retrieve the instructions and materials prior to the exercise and set your schedule to best fit the participants and organization. You plan your own schedule.

The exercise applies to all types and sizes of financial services firms, with each team adapting it as necessary, “as they go,” to suit the specific organization participating. 

Survey results are anonymous; however, general demographic questions such as asset size, country code, and industry help us to compile a useful benchmark-type report that most participants find helpful. These results, combined with your extensive team discussions during the exercise, are qualitatively valuable as well. 

FS-ISAC member volunteers work together with FS-ISAC staff to develop scenarios based on current trends and emerging threats; develop questions for discussion and response in the daily feedback survey, to help participating teams assess their preparedness; and script and record roles as members of the incident response team meetings presented in the exercise. 

In the month following the exercise, we collate and tabulate the survey results. You will receive a copy of the results and an invitation to a presentation of the findings, hosted and facilitated by FS-ISAC.