Cyber risks are increasingly critical business risks. To minimize these constantly evolving threats, today’s financial institutions prepare through exercises – simulating realistic, timely attack scenarios and practicing teams’ responses.
FS-ISAC’s CAPS cyber exercise is unique in the sector - a coordinated, distributed large-scale exercise with hundreds of financial institutions and thousands of practitioners participating every year.
The CAPS virtual tabletop exercise challenges your incident response team to overcome a simulated attack against your systems and processes. Participants practice mobilizing quickly, working under pressure, critically appraising information as it becomes available, and connecting the dots to defend against a cyber attack on a fictional securities and investments firm.
Participating in the exercise helps your team:
Gain maximum benefit with minimal resources:
Complete the exercise on your own schedule between 5 September and 21 October.
How to register:
** If you are a member but do not have an Intelligence Exchange account, please reach out to your POC or email Member Services.
Registration deadline: 7 October
Pervasive vulnerabilities and cyber attacks are a serious source of risk for today’s enterprise. Security breaches, system compromises and other cybersecurity issues are common and can be severe. FS-ISAC CAPS enables you to put into practice your processes, plans, and resources in response to a cyber breach. You assess your exercise experience and preparedness while receiving insights on best practices and readiness at your institution and across the financial services industry. Regulators recommend participating in cyber threat exercises like CAPS to support an institution’s resiliency, testing, and training.
All FS-ISAC members in securities & investments.
Typically, the exercise includes the company’s incident response/business continuity/operational resiliency teams who would respond to a cyber attack affecting customers using securities & investments services. Functions include Information Technology (IT), risk management, operations, customer service, communications, legal, line of business managers and decision-making incident response executives. Some ask external partners to be available for consultation during the exercise.
Your firm designates one person as Coordinator to register your company and coordinate the exercise internally. Your Coordinator receives all communications, including the FS-ISAC CAPS Pre-Exercise Guide through a private channel in FS-ISAC Connect. Prior to the two-part exercise, your Coordinator accesses instructions, materials, and links to lead the exercise.
From your own premises and on your own schedule, your team reviews and discusses the information available and confidentially answers a set of self-assessment survey questions; you submit the single compiled survey to a SurveyMonkey link at the end of Part 2.
At your premises, virtually with your staff on your schedule, using our materials.
On average, teams work together for a few hours each part of the exercise.
Your team may undertake the exercise during CAPS season on any day(s) and time(s) on your own schedule between 5 September and 21 October.
You will retrieve the instructions and materials prior to the exercise, so you may plan your schedule to best fit the participants and institution. Traditionally participants conducted CAPS on two consecutive days for a few hours each day.
The exercise applies to all types and sizes of financial institutions involved in securities & investments, with each team adapting it as necessary.
FS-ISAC member volunteers work together with FS-ISAC staff to develop scenarios based on current trends and emerging threats; develop questions for discussion and response to help participating teams assess their preparedness; and script and record roles as members of the incident response team meetings presented in the exercise.
In the month following the exercise, we collate and tabulate the survey results. You will receive a copy of the results and an invitation to a presentation of the findings.
Survey results are anonymous, however general demographic questions such as asset size, country code and industry help us to compile a useful benchmark-type report that most participants find helpful.
Log in to FS-ISAC Intelligence Exchange, select Member Services icon and go to Events/Training.
(If you do not have access to IntelX, your company’s Primary Point of Contact (POC) can request to add a new User directly from the My Team page).
Select Securities & Investments CAPS Exercise.
Members in Tiers 1-5 complete registration with no additional fees.
Members in Tiers 6-8 complete registration and make payment of US$ 175 by credit card.
On the homepage, Users can navigate to the My Events tab under the banner to view their event registrations.
Once registered, you will receive instructions from the CAPS event staff within 2 weeks.
You may open a Case to request a change.
Please submit your inquiry in a Case through the Member Services area on FS-ISAC Intelligence Exchange or send an email to CAPS@fsisac.com.
Users can submit a member inquiry or request by opening a Case, which puts your submission into the FS-ISAC Service Desk. By opening a Case, your request goes to the appropriate FS-ISAC team for response.
Users can open a Case by clicking on Open a Case at the top menu or clicking on the Contact Member Support button located within the app.
© Copyright 1999 - 2022 FS-ISAC, Inc. All Rights Reserved.