• Overview
  • FAQ

Join thousands of your member peers in the CAPS
Securities & Investments exercise

Build the muscle memory for strong incident response

Cyber risks are increasingly critical business risks. To minimize these constantly evolving threats, today’s financial institutions prepare through tactical and strategic exercises – simulating realistic, timely attack scenarios, and practicing teams’ responses.

FS-ISAC’s CAPS cyber exercise is unique in the sector - a coordinated, distributed large-scale exercise with hundreds of financial services organizations and thousands of practitioners participating every year. 

The CAPS virtual tabletop exercise challenges your incident response team to overcome a simulated attack against securities & investments systems and processes. Participants practice mobilizing quickly, working under pressure, critically appraising information as it becomes available, and connecting the dots to defend against a cyber attack. One individual registers and leads your internal team through a two-part virtual exercise. The exercise follows a realistic, timely scenario involving a fictional organization. 

Participating in the exercise helps your team:

  • Strengthen team relationships and cross-functional knowledge
  • Develop a clearer understanding of system vulnerabilities
  • Explore improvements in processes and build stronger response plans

Gain maximum benefit with minimal resources:

  • Take part virtually using our materials in a confidential tabletop exercise
  • The exercise requires only a few hours for each part
  • Privately benchmark your internal processes against anonymous peers

Take advantage of this exclusive membership benefit. CAPS 2023 is a members-only benefit and included in FS-ISAC membership tiers 1-5. Members in tiers 6-8 pay $175 (plus any applicable state and country taxes) per team registration.

Register through the FS-ISAC Intelligence Exchange Members Services app.
CAPS exercises are for members only. If your organization is not yet a member of FS-ISAC, join today. 


Why participate?

Event Toggle Arrow

Pervasive vulnerabilities and cyber attacks are a serious source of risk for today’s enterprise. Security breaches, system compromises, and other cybersecurity issues are common and can be severe. FS-ISAC CAPS enables you to put into practice your processes, plans, and resources in response to a cyberbreach. You assess your exercise experience and preparedness while receiving insights on best practices and readiness at your organization and across the financial services industry. Regulators recommend participating in cyber threat exercises like CAPS to support an organization’s resiliency, testing, and training.

Who should participate?

Event Toggle Arrow

All FS-ISAC members in the securities & investments industry.

Who should be involved in my company?

Event Toggle Arrow

Typically, the exercise includes the company’s incident response/business continuity/operational resiliency team who would respond to a cyber attack affecting customers using securities & investments services. Organizations include Information Technology (IT), risk management, operations, customer service, communications, legal, line of business managers, and decision-making incident response executives. Some ask external partners to be available for consultation during the exercise.

How does CAPS work?

Event Toggle Arrow

You designate one person as the primary contact to register your company and coordinate the exercise internally. Your primary contact receives all communications about the exercise, including the FS-ISAC CAPS Pre-Exercise Guide, to help prepare for the exercise by accessing a private Channel in the FS-ISAC Connect Chat platform. Prior to the two-part exercise, your Coordinator, who registered for the exercise, accesses instructions, materials, and links to lead the exercise. From your own premises, and on your own schedule, your team reviews and discusses the information available and confidentially answers a set of self-assessment survey questions; you submit the single compiled survey to a SurveyMonkey link at the end of Part 2.

Where does the exercise take place?

Event Toggle Arrow

At your premises, virtually, with our materials, your staff, and your timing. 

How long does the exercise take?

Event Toggle Arrow

On average, teams work together for a couple of hours for each part of the exercise.

What time is the exercise?

Event Toggle Arrow

Your team may undertake the exercise during CAPS season on any day(s) and time(s) on your own schedule between 4 September and 13 October. You retrieve the instructions and materials prior to the exercise and set your schedule to best fit the participants and organization. Traditionally, participants conducted CAPS on two consecutive days for a few hours each day. Many choose to meet in the morning and afternoon of a single day. You may plan your own schedule.

How can a standard exercise work for my organization?

Event Toggle Arrow

The exercise applies to all types and sizes of financial institutions, with each team adapting it as necessary, “as they go,” to suit the specific organization participating. 

Who creates the exercise?

Event Toggle Arrow

FS-ISAC member volunteers work together with FS-ISAC staff to develop scenarios based on current trends and emerging threats; develop questions for discussion and response in the daily feedback survey, to help participating teams assess their preparedness; and script and record roles as members of the incident response team meetings presented in the exercise.

What is the after-action?

Event Toggle Arrow

In the month following the exercise, we collate and tabulate the survey results. You will receive a copy of the results and an invitation to a presentation of the findings, hosted and facilitated by FS-ISAC.

How will the results be meaningful to my organization?

Event Toggle Arrow

Survey results are anonymous; however, general demographic questions such as asset size, country code, and industry help us to compile a useful benchmark-type report that most participants find helpful. These results, combined with your extensive team discussions during the exercise, are qualitatively valuable as well.

How do I register?

Event Toggle Arrow

Log in to FS-ISAC Intelligence Exchange, select Member Services icon and go to Events/Training, then select CAPS Securities & Investments Cyber Attack Incident Response Exercise.
(If you do not have access to IntelX, your company’s Primary Point of Contact (POC) can request to add a new User directly from the My Team page. When adding a new User, POCs should indicate whether the User requires IntelX access and which groups they will join. FS-ISAC reviews all requests for approval to ensure user access does not exceed the Share user allotments based on the organization’s membership tier.)

Members in Tiers 1-5 complete a registration for $0 since the exercise is part of annual membership fees.

Members in Tiers 6-8 complete a registration and make a payment of US$ 175 plus any applicable country and state tax by card.

Where do I view my event registrations?

Event Toggle Arrow

On the Member Services homepage in IntelX, users can navigate to the My Events tab under the banner to view their event registrations. POCs will also see the event registrations for all Users at their company. 

After I register, where can I expect more information on event attendance?

Event Toggle Arrow

Once registered, you will receive instructions from the CAPS event staff within a few days.  The individual who registers is considered the CAPS coordinator and only point of contact for accessing the CAPS instructions and materials on FS-ISAC’s IntelX Connect application and will need current Connect access to participate.

Can I change which CAPS exercise I registered for?

Event Toggle Arrow

You may open a Case to request a change.

Who can I contact for more information?

Event Toggle Arrow

Please submit your inquiry in a Case through the Member Services area on FS-ISAC Intelligence Exchange or send an email to CAPS@fsisac.com.

What is a Case?

Event Toggle Arrow

Users can submit a member inquiry or request by opening a Case, which puts your submission into the FS-ISAC Service Desk. By opening a Case, your request goes to the appropriate FS-ISAC team for response.

How do I open a Case?

Event Toggle Arrow

Users can open a Case by clicking on Open a Case at the top menu or clicking on the Contact Member Support button located within the app.