9 March 2025
SAAS Third Party Outage
FS-ISAC Tabletop Exercise
Practice with the latest active defence techniques to protect your network from an attack and mitigate its impact on operations.
18 October 2024 - 28 March 2025
Virtual | Materials Only
CAPS Postseason | Banking
Discussion-based exercise in which organizations walk through a real-world scenario in their own time
18 October 2024 - 28 March 2025
Virtual | Materials Only
CAPS Postseason | Insurance
Discussion-based exercise in which organizations walk through a real-world scenario in their own time
18 October 2024 - 28 March 2025
Virtual | Materials Only
CAPS Postseason | Securities & Investments
Discussion-based exercise in which organizations walk through a real-world scenario in their own time
True business resilience means being prepared for whatever comes
Our exercise scenarios are based on the sector’s latest threat intelligence and are customized to a range of sector verticals as well as technical expertise. From hands-on-keyboard technical exercises to strategic level tabletops, our exercises enable you to upskill your teams, benchmark yourself against peers, and understand how the sector is working to constantly evolve its resilience through cross-sector and public-private exercises around the world.
Exercises are open to members only. Talk to our Exercises Team
Beate Zwijnenberg
Driven by member-curated content, FS-ISAC continues to enhance sectoral efforts to meet the ever-present threat posed by cyber criminals. In particular, the available workshops and technical exercises have proven invaluable in helping enhance organizacional preparedness.
Glenn Foster
As financial institutions look to operate with sound cuber resiliency to enable secure and stable operations, the FS-ISAC cyber exercises allow our teams to remain current on cyber trends to identify learnings and test our responses, while keeping our customers and colleagues safe.
Carlo Hopstaken
We enjoyed working with representatives from other organizations and saw firsthand the impact that collaboration and information sharing had on the participants’ decision-making and response times.
Rachel Keller
I just want to say thank you! This functional exercise has been phenomenal!! I wanted to put a cyber incident spin on my side so I threw out my scenario twist this morning. Such a wonderful learning tool and can’t wait to have other people participate next time!
1
On-demand access, benchmarked results
CAPS is a discussion-based exercise in which organizations walk through a real-world scenario in their own time and respond to a series of questions on how they would respond. The goal of CAPS is to help organizations to create stronger cross-functional relationships, improve incident response plans, and gain a clearer understanding of system vulnerabilities.
The CAPS exercise challenges incident response teams to overcome a simulated attack against a fictional financial services organization. Participants practice mobilizing quickly, working under pressure and recognizing critical intelligence to defend against an attack.
CAPS is available to all members, with three separate versions for Banking, Insurance, and Securities & Investments. Members in Tiers 1-5 receive CAPS as part of annual membership fees. Members in Tiers 6-8 make payment of US$ 175 by card when registering. FS-ISAC reserves the right to decline participation.
Banking FAQ
Insurance FAQ
Securities & Investments FAQ
2
Hands-on keyboard simulation, real-world experience
As new cyber challenges emerge, it is critical for security teams to get hands-on practice at cyber defense. Our cyber range program, powered by ImmersiveLabs, helps our members get real-world experience in responding to new cyber threats while benefiting from the knowledge of industry peers in a secure and trusted environment.
Exercises are structured to provide participants with:
To register:
1. Login via Intelligence Exchange
2. Select the Member Services icon
3. Select the Event/Training tab
4. Select the desired exercise
If you are a member and do not have an Intelligence Exchange account, please contact FS-ISAC Admin.
3
Act out response processes, assess interactions
As part of its continuing support of the sector’s broad preparedness and operational resilience efforts, FS-ISAC’s Steel Resolve exercise provides an environment for participants to act out their policies and procedures in real-time in response to a large-scale attack on a global financial institution.
Steel Resolve is a significant step in the sector’s ability to observe and assess incident response capabilities at the firm level, the interaction between firms, and the public-private partnership activities.
Through this exercise we identify opportunities to improve information sharing and sector coordination across FS-ISAC committees. These recommendations get incorporated into FS-ISAC’s playbook to improve its ability to support the incident management process.
4
Strategic discussions on a wide range of scenarios
London FinCyber UK: Focused on improving operational resilience in the EMEA region by exploring a significant disruption to the operational capability of a section of the financial sector.
Post-Quantum Computing: Focused on developing incident response strategies for post-quantum computing and its implementation throughout the financial sector.
Sheltered Harbor: Tests current Sheltered Harbor incident response frameworks and advances ongoing collaboration for future improvement to policies and procedures.
MRT & Communications: Tests the current response framework of FS-ISAC’s Media Response Team during an incident and focuses on improving communications outcomes.
FS-ISAC partners with the Financial Services Sector Coordinating Council (FSSCC), US Treasury Department and other US government agencies including law enforcement to develop these one-day exercises aimed at improving the cyber threat response within the US financial sector.
Simulations mimic a variety of attacks. Participants include members of both the public and private sectors, so that results can be formed into improved public/private coordination strategies.
Insider Threat: Tests organizational and sector response frameworks to an insider threat in order to understand and improve current policies and procedures.
Incident Comms & Messaging: Advances public-private strategic communications and messaging and ongoing collaboration with public affairs offices to continuously improve tailored messaging in response to an incident.
*Hamilton exercises are specific to US-based financial institutions
5
International in scope, collaborative in practice
Tri-Sector: Tests the Tri-Sector Playbook created with the energy and telecommunications sectors to unearth potential improvements to the framework.
Locked Shields: An international, operations-based exercise organized by NATO’s CCDCOE, enabling cybersecurity experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks, as well as testing strategic level response. See more here.
CyberStorm: An operations-based exercise hosted by the US CISA, designed to bring together the public and private sectors to simulate discovery of and response to a significant cyber incident impacting the United States’ critical infrastructure.
National Level Exercise: Run by the US’ FEMA, NLEs provide the opportunity for all levels of government, the private sector, nongovernmental organizations, and community groups to test operational capabilities, evaluate policies and plans, familiarize personnel with roles and responsibilities, and foster meaningful interaction and communication across the country.
GridEx: A biennial exercise hosted by North American Electric Reliability Corporation’s (NERC) E-ISAC, GridEx gives E-ISAC member and partner organizations a forum to practice response to and recovery from coordinated cyber and physical security threats and incidents.
Report
Article
Article
Article
Podcast
Article
© Copyright 1999 - FS-ISAC, Inc. All Rights Reserved.