FAQs: CAPS Securities & Investments

Why participate?

Pervasive vulnerabilities and cyber attacks are a serious source of risk for today’s enterprise. Security breaches, system compromises and other cybersecurity issues are common and can be severe. FS-ISAC CAPS enables you to put into practice your processes, plans and resources in response to a cyberbreach. You assess your exercise experience and preparedness, while receiving insights on best practices and readiness at your organization and across the financial services industry. Regulators recommend participating in cyber threat exercises like CAPS to support an organization’s resiliency, testing, and training.

Who should participate?

All FS-ISAC members with securities & investments business.

Who should be involved in my company?

Typically, the exercise includes the company’s incident response/business continuity/operational resiliency team who would respond to a cyber attack affecting customers using securities & investments services. Organizations include Information Technology (IT), risk management, operations, customer service, communications, legal, line of business managers, and decision-making incident response executives. Some ask external partners to be available for consultation during the exercise.

How does CAPS work?

You designate one person as the primary contact to register your company and coordinate the exercise internally. Your primary contact receives all communications about the exercise, including the FS-ISAC CAPS Pre-Exercise Guide to help prepare for the exercise by accessing a private Channel in the FS-ISAC Connect Chat platform. Prior to the 2-part exercise, your Coordinator, who registered for the exercise, accesses instructions, materials, and links to lead the exercise. From your own premises, and on your own schedule, your team reviews and discusses the information available and confidentially answers a set of self-assessment survey questions; you submit the single compiled survey to a SurveyMonkey link at the end of Part 2.

Where does the exercise take place?

At your premises, virtually, with our materials, your staff, and your timing. 

How long does the exercise take?

On average, teams work together for a couple of hours for each part of the exercise.

What time is the exercise? 

Your team may undertake the exercise during CAPS season on any day(s) and time(s) on your own schedule between 4 September and 13 October. You retrieve the instructions and materials prior to the exercise and set your schedule to best fit the participants and organization. Traditionally, participants conducted CAPS on 2 consecutive days for a few hours each day. Many choose to meet in the morning and afternoon of a single day. You may plan your own schedule.

How can a standard exercise work for my organization? 

The exercise applies to all types and sizes of companies in securities & investments businesses, with each team adapting it as necessary, “as they go,” to suit the specific organization participating. 

Who creates the exercise? 

FS-ISAC member volunteers work together with FS-ISAC staff to develop scenarios based on current trends and emerging threats; develop questions for discussion and response in the daily feedback survey, to help participating teams assess their preparedness; and script and record roles as members of the incident response team meetings presented in the exercise.

What is the after-action?

In the month following the exercise, we collate and tabulate the survey results. You will receive a copy of the results and an invitation to a presentation of the findings, hosted and facilitated by FS-ISAC.

How will the results be meaningful for my organization? 

Survey results are anonymous; however, general demographic questions such as asset size, country code and industry help us to compile a useful benchmark-type report that most participants find helpful. These results, combined with your extensive team discussions during the exercise, are qualitatively valuable as well.

How do I register?

Log in to FS-ISAC Intelligence Exchange, select the Member Services icon and go to Events/Training, then select CAPS Securities & Investments Cyber Attack Incident Response Exercise.
(If you do not have access to IntelX, your company’s Primary Point of Contact (POC) can request to add a new User directly from the My Team page. When adding a new User, POCs should indicate whether the User requires IntelX access and which groups they will join. FS-ISAC reviews all requests for approval to ensure user access does not exceed the Share user allotments based on the organization’s membership tier.)

Members in Tiers 1-5 complete a registration for $0 since the exercise is part of annual membership fees.

Members in Tiers 6-8 complete a registration and make payment of US$ 175 plus any applicable country and state taxes by card.

Where do I view my event registrations?

On the Member Services homepage in IntelX, users can navigate to the My Events tab under the banner to view their event registrations. POCs will also see the event registrations for all Users at their company. 

After I register, when can I expect more information on event attendance?

Once registered, you will receive instructions from the CAPS event staff within a few days. The individual who registers is considered the CAPS coordinator and the only point of contact for accessing the CAPS instructions and materials on FS-ISAC’s IntelX Connect application, and will need current Connect access to participate.

Can I change which CAPS exercise I registered for?

You may open a Case to request a change.

Who can I contact for more information? 

Please submit your inquiry in a Case through the Member Services area on FS-ISAC Intelligence Exchange or send an email to CAPS@fsisac.com.

What is a Case? 

Users can submit a member inquiry or request by opening a Case, which puts your submission into the FS-ISAC Service Desk. By opening a Case, your request goes to the appropriate FS-ISAC team for response.

How do I open a Case? 

Users can open a Case by clicking on Open a Case at the top menu or clicking on the Contact Member Support button located within the app.