<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=6226337&amp;fmt=gif">

FS-ISAC | Resilience

Collaborating to Ensure the Global Financial System Stays Operational

True Resilience Means Being Prepared for Whatever Comes

Through exercises, firms build the muscle memory required for strong incident response. In 2023, FS-ISAC significantly expanded its breadth and scope of exercise offerings, from enabling more than 10,000 cyber practitioners to practice responding to real-world scenarios to multi-sector crisis response coordination.

The key components of our resilience program

Upcoming Exercises

FS-ISAC offers a wide variety of exercises for individual firms; for the sector at national and regional levels; as well as through public-private and cross-sector relationships around the world.

Learn. Connect. Collaborate.

3 March 2024
San Diego, California

FS-ISAC Insider Threat Tabletop Exercise

____________

Practice with the latest active defense techniques to protect your network from an attack and mitigate its impact on operations.

13 March 2024
Hybrid | EMEA

Cyber Range Exercise Workstation Investigation

____________

Build the muscle memory for defending against emergent cyber threats

18 March 2024
Hybrid | EMEA

Cyber Range Exercise Suspicious PowerShell Activity

____________

Build the muscle memory for defending against emergent cyber threats

20 March 2024
Virtual | Americas

Cyber Range Exercise Forensic Analysis

____________

Build the muscle memory for defending against emergent cyber threats

26 March 2024
Melbourne | In-Person

FS-ISAC APAC Analyst Workshop

____________

A virtual exercise exploring the risk posed by a prolonged third-party outage in the financial sector.

21 May 2024
Artificial Intelligence Impacts on Markets and Public Confidence

FS-ISAC Tabletop Exercise

____________

Practice with the latest active defence techniques to protect your network from an attack and mitigate its impact on operations.

26 June 2024
Virtual | Americas

Cyber Range Exercise Suspicious Activity

____________

Build the muscle memory for defending against emergent cyber threats

2 July 2024
Virtual | EMEA

Cyber Range Exercise APT Threat Hunting

____________

Build the muscle memory for defending against emergent cyber threats

10 July 2024
Artificial Intelligence Impacts on Markets and Public Confidence

FS-ISAC Tabletop Exercise

____________

Practice with the latest active defence techniques to protect your network from an attack and mitigate its impact on operations.

23-25 July 2024
Virtual | Americas

FS-ISAC Steel Resolve Functional Exercise

____________

Build the muscle memory for identifying the scope of an incident, mitigating impact, and coordinating a sector response.

23 September 2024
London, UK

FS-ISAC Insider Threat Tabletop Exercise

____________

Practice with the latest active defense techniques to protect your network from an attack and mitigate its impact on operations.

14 - 18 October 2024
Virtual | Global

Cyber Range Exercise The Heist

____________

Build the muscle memory for defending against emergent cyber threats

Our Exercises

Our exercise scenarios are based on the sector’s latest threat intelligence and are customized to a range of sector verticals as well as technical expertise. From hands-on-keyboard technical exercises to strategic level tabletops, our exercises help members upskill their teams, benchmark against peers, and understand how the sector is working to constantly evolve its resilience through cross-sector and public-private exercises around the world.

Exercises are open to members only

Talk to our exercises team

Learn More About our Exercises

1

CAPS

Exercise-in-a-box customized for banking, insurance, and securities to run on their own time

CAPS is a discussion-based exercise in which organizations walk through a real-world scenario in their own time and respond to a series of questions on how they would respond.  The goal of CAPS is to help organizations to create stronger cross-functional relationships, improve incident response plans, and gain a clearer understanding of system vulnerabilities. 

The CAPS exercise challenges incident response teams to overcome a simulated attack against a fictional financial services organization. Participants practice mobilizing quickly, working under pressure and recognizing critical intelligence to defend against an attack. 

  • Participate from your premises or remotely via computer sharing using virtual, confidential exercise materials
  • Teams spend three to six hours on the two-part scenario
  • Receive unattributed peer data to compare your response to other organizations 

CAPS is available to all members, with three separate versions for Banking, Insurance, and Securities & Investments. Members in all Tiers receive CAPS as part of annual membership fees.

Banking FAQ

Insurance FAQ

Securities & Investments FAQ

Contact us

2

Cyber Range

Hands-on keyboard simulation, real-world experience

As new cyber challenges emerge, it is critical for security teams to get hands-on practice at cyber defense. Our cyber range program, powered by ImmersiveLabs, helps members get real-world experience in responding to new cyber threats while benefiting from the knowledge of industry peers in a secure and trusted environment. 

Exercises are structured to provide participants with: 

  • Defensive tools for attack analysis
  • Network defense techniques
  • Proven playbooks and checklists to integrate into incident response plans
     

Register via Intel X

To register: 

1. Login via Intelligence Exchange 

2. Select the Member Services icon 

3. Select the Event/Training tab 

4. Select the desired exercise 

Register via Intel X


If you are a member and do not have an Intelligence Exchange account, please contact FS-ISAC Admin.

3

Functional

Act out response processes, assess interactions

As part of its continuing support of the sector’s broad preparedness and operational resilience efforts, FS-ISAC’s Steel Resolve exercise provides an environment for participants to act out their policies and procedures in real-time in response to a large-scale attack on a global financial institution. 

Steel Resolve is a significant step in the sector’s ability to observe and assess incident response capabilities at the firm level, the interaction between firms, and the public-private partnership activities. 

Through this exercise we identify opportunities to improve information sharing and sector coordination across FS-ISAC committees. These recommendations get incorporated into FS-ISAC’s playbook to improve its ability to support the incident management process. 

4

Tabletop

Strategic discussions on a wide range of scenarios

FS-ISAC Tabletop Exercises 

FinCyber Today UK: Focused on improving operational resilience in the EMEA region by exploring a significant disruption to the operational capability of a section of the financial sector. 

Post-Quantum Computing: Focused on developing incident response strategies for post-quantum computing and its implementation throughout the financial sector. 

Sheltered Harbor: Tests current Sheltered Harbor incident response frameworks and advances ongoing collaboration for future improvement to policies and procedures. 

MRT & Communications: Tests the current response framework of FS-ISAC’s Media Response Team during an incident and focuses on improving communications outcomes.        


Hamilton Tabletop Exercises* 

FS-ISAC partners with the Financial Services Sector Coordinating Council (FSSCC), US Treasury Department and other US government agencies including law enforcement to develop these one-day exercises aimed at improving the cyber threat response within the US financial sector. 

Simulations mimic a variety of attacks. Participants include members of both the public and private sectors, so that results can be formed into improved public/private coordination strategies. 

Insider Threat: Tests organizational and sector response frameworks to an insider threat in order to understand and improve current policies and procedures. 

Incident Comms & Messaging: Advances public-private strategic communications and messaging and ongoing collaboration with public affairs offices to continuously improve tailored messaging in response to an incident. 

*Hamilton exercises are specific to US-based financial institutions 
 

5

Cross-Sector

International in scope, collaborative in practice

Tri-Sector: Tests the Tri-Sector Playbook created with the energy and telecommunications sectors to unearth potential improvements to the framework. 

Locked Shields: An international, operations-based exercise organized by NATO’s CCDCOE, enabling cybersecurity experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks, as well as testing strategic level response. See more here

CyberStorm: An operations-based exercise hosted by the US CISA, designed to bring together the public and private sectors to simulate discovery of and response to a significant cyber incident impacting the United States’ critical infrastructure. 

National Level Exercise: Run by the US’ FEMA, NLEs provide the opportunity for all levels of government, the private sector, nongovernmental organizations, and community groups to test operational capabilities, evaluate policies and plans, familiarize personnel with roles and responsibilities, and foster meaningful interaction and communication across the country. 

GridEx: A biennial exercise hosted by North American Electric Reliability Corporation’s (NERC) E-ISAC, GridEx gives E-ISAC member and partner organizations a forum to practice response to and recovery from coordinated cyber and physical security threats and incidents. 

In our Community’s
Words

Tier 5 EMEA Central Bank

 Interesting as ever to see where other jurisdictions are on some of these issues.”

Anonymous Participant Survey

 As an employee that leads our cyber exercising, I found it extremely valuable to witness an operations-based test as we want to continue our exposure to this style of testing internally and externally.”

Anonymous Participant Survey

 Being the bank's IT officer, I struggle to keep up with testing and most of the time lack the ability to come up with good scenarios. I registered for this exercise thinking, why not, could be beneficial? Holy Cow, I loved it!”

Tier 5 EMEA Central Bank

 Interesting as ever to see where other jurisdictions are on some of these issues.”

Anonymous Participant Survey

 As an employee that leads our cyber exercising, I found it extremely valuable to witness an operations-based test as we want to continue our exposure to this style of testing internally and externally.”

Anonymous Participant Survey

 Being the bank's IT officer, I struggle to keep up with testing and most of the time lack the ability to come up with good scenarios. I registered for this exercise thinking, why not, could be beneficial? Holy Cow, I loved it!”

Resilience Content

[Computer Weekly] Global Finance Firms Take Part in NATO Cyber Attack Simulation

Peer-Benchmarked Threat Resilience Metrics

[Bank Info Security] Banking Tech Forecast: Cloudy With a Chance of Cyber Risk

[Dark Reading] Preparing for the Unexpected: A Proactive Approach to Operational Resilience

FS-ISAC Recognizes Global Leaders Safeguarding the Financial Sector Through Outstanding Cyber Intelligence Sharing

[Dark Reading] Software Complexity Bedevils Mainframe Security

[CSO Online] Proactive, not Reactive: The Path to Ensuring Operational Resilience in Cybersecurity

[CSO Online] Proactive, not Reactive: The Path to Ensuring Operational Resilience in Cybersecurity

[iTWire] Adapting to the Quantum Shift: Cultivating Business Resilience

 

Interested in Learning More About our Exercises?

Please fill out the form
and we will be in touch.