• Overview
  • FAQ

Join us for a CAPS exercise.

Build a Stronger Incident Response Team


The CAPS virtual tabletop exercise challenges your incident response team to overcome a simulated attack against insurance company systems and processes. Participants practice mobilizing quickly, working under pressure, critically appraising information as it becomes available and connecting the cyber-dots to defend against an attack. One individual registers and leads your internal team through a virtual exercise. The exercise follows a realistic timely scenario involving a fictional insurance organization.

Participating in the exercise helps your team:

  • Strengthen team relationships and cross-functional knowledge
  • Develop a clearer understanding of system vulnerabilities
  • Explore improvements in processes and build stronger response plans
Gain maximum benefit with minimal resources:
  • Take part virtually using our materials in a confidential tabletop exercise
  • The exercise requires only a few hours each day
  • Privately assess your internal processes and gain unattributed peer data for comparison

CAPS is FS-ISAC members only. If your organization is not a member of FS-ISAC, join today.
CAPS 2021 is a members-only benefit and included in FS-ISAC membership tiers 1-5. Members in tiers 6-8 will be invoiced $175 per team registration.

How to register:
  • Log in to FS-ISAC Intelligence Exchange. Select Member Services.
  • Click Events/Training to view upcoming events and register.

Register Now

FAQ

Why participate?

Event Toggle Arrow

Pervasive vulnerabilities and cyber-attacks are a serious source of risk for today’s enterprise. Security breaches, system compromises and many other cybersecurity issues are common and can be severe. FS-ISAC CAPS enables you to put into practice your processes, plans and resources in response to a cyberbreach. You assess your exercise experience and preparedness, while receiving insights on best practices and readiness at your organization and across the financial services industry. Regulators recommend participating in cyber-threat exercises like CAPS support an organization’s resiliency, testing and training.

Who should participate?

Event Toggle Arrow

All FS-ISAC members with an insurance business.

Who should be involved in my company?

Event Toggle Arrow

Typically, the exercise includes the company’s incident response/business continuity/operational resiliency team who would respond to a cyber attack affecting customers using insurance services. Many institutions include Information Technology (IT), risk management, operations, customer service, communications, legal, line of business managers and decision-making incident response executives. Some ask external partners to be available for consultation during the exercise.

How does CAPS work?

Event Toggle Arrow

You designate one person as the primary contact to register your company. Your primary contact receives all communications about the exercise, including the FS-ISAC Cyber Attack Against Payment Systems Pre-Exercise Guide to help prepare for the exercise by accessing a private Channel in the FS-ISAC Connect Chat platform. Prior to each day of the two-day exercise, your Primary Contact receives a reminder email to access instructions, materials and links to conduct the exercise. Each day, from your own premises and on your own schedule, your team reviews and discusses the information available and confidentially answers a set of self-assessment survey questions; the single compiled survey is submitted to a SurveyMonkey link at the end of Day 2.

Where does CAPS take place?

Event Toggle Arrow

At your premises, virtually, with our materials, your staff and your timing.

How long does the exercise take?

Event Toggle Arrow

On average, teams work together for a few hours each day of the exercise.

What time is CAPS?

Event Toggle Arrow

Your team may undertake the exercise at any time on each of the two days or on your own schedule before the end of the sessions (20 October). You may retrieve the exercise prior to the exercise, so you may plan your schedule for each day to best fit the participants and organization.

How can a standard exercise work for my organization?

Event Toggle Arrow

The exercise is designed to apply to all types and sizes of companies in insurance businesses, with each user adapting it as necessary, “as they go,” to suit the specific organization participating.

Who creates the exercise?

Event Toggle Arrow

FS-ISAC member volunteers work together with FS-ISAC staff to develop scenarios based on current trends and emerging threats; develop questions for discussion and response in the daily feedback survey, to help participating teams assess their preparedness; script and record roles as members of the incident response team meetings presented in the exercise.

What is the after-action?

Event Toggle Arrow

In the month following the exercise, the survey results are tabulated for your region and across other regions. You will receive a copy of the results and be invited to a webinar presentation of the findings, hosted, and facilitated by FS-ISAC.

How will the results be meaningful for my organization?

Event Toggle Arrow

Survey results are completed anonymously, however some general demographic questions such as asset size, country code and industry help us to compile a useful benchmark-type report that most participants find helpful. These results, combined with your extensive team discussions during the exercise, are qualitatively valuable as well.

How do I register?

Event Toggle Arrow

Log in to FS-ISAC Intelligence Exchange, select Member Services icon and go to Events/Training.
(If you do not have access to IntelX, your company’s Primary Point of Contact (POC) can request to add a new User directly from the My Team page. When adding a new User, POCs should indicate whether the User requires IntelX access and which groups they will join. All new User requests will be reviewed by FS-ISAC for approval to ensure user access does not exceed the Share user allotments based on the organization’s membership tier.)

Where do I view my event registrations?

Event Toggle Arrow

On the homepage, Users can navigate to the My Events tab under the banner to view their event registrations. POCs will also see the event registrations for all Users at their company. Once payment is complete and the invoice is showing as paid, your team is registered.

How do I ask a question about an invoice?

Event Toggle Arrow

Users can open a Case to ask questions about invoices or payments.
Open a Case -> Case Category: Billing/Payments -> Request Type: General Billing/Invoice Questions

I’ve registered, when can I expect more information on event attendance?

Event Toggle Arrow

Once payment is confirmed, you will receive instructions from the CAPS event staff within 2 weeks.

Can I change the date of the exercise?

Event Toggle Arrow

You may open a Case to request a change.

How can I get more information?

Event Toggle Arrow

Please submit your inquiry in a Case through the Member Services area on FS-ISAC Intelligence Exchange or send an email to CAPS@fsisac.com.

What is a Case?

Event Toggle Arrow

Users can submit a member inquiry or request by opening a Case, which puts your submission into the FS-ISAC Service Desk. By opening a Case, your request will be routed to the appropriate FS-ISAC team for response.

How do I open a Case?

Event Toggle Arrow

Users can open a Case by clicking on Open a Case at the top menu or clicking on the Contact Member Support button located within the app.