Cyber-Attack Against Insurance Systems (CAIS)
Test your incident response team’s ability to respond to a cyber-attack or incident during this confidential, tabletop virtual exercise. Designed by FS-ISAC’s Insurance Risk Council (IRC) exercise team, CAIS allows your organization to evaluate current risk mitigation procedures, identify potential gaps in planning, playbooks and processes, and develop appropriate mitigation recommendations in response to the types of attacks used in this exercise.
Upon completion of the exercise, participants will receive an after-action report highlighting lessons learned from the exercise and categorized benchmark results.
See how your business practices stack up based on aggregated participants’ responses. This is a free exercise open to insurance industry cybersecurity professionals, including FS-ISAC members and non-members.
For more information, email firstname.lastname@example.org.
Cyber-Attack Against Payment Systems (CAPS)
CAPS challenges your incident response team to overcome a simulated attack on payment systems and processes. Participants practice mobilizing quickly, working under pressure, critically appraising information as it becomes available and connecting the cyberdots to defend against an attack.
Participating in the exercise helps your team:
You take part from your own premises using our materials in a virtual, confidential tabletop exercise. The exercise requires about two hours each day.
A one-day, hands-on-keyboard exercise in which participants observe and respond to different types of attacks such as ransomware or business email compromise. Teams share and review results, identify methods for improving defenses, then re-run the simulated attack to see if the suggested mitigation techniques improve results. These exercises are usually conducted in a single location (remote participation is optional) with 20-30 participants, enabling attendees to readily share insights and arrive at solutions with peers.
Participants experience technical training and management interaction with guidance and knowledge from industry experts, as well as peers. During the exercise, participants:
FS-ISAC partners with the Financial Services Sector Coordinating Council (FSSCC), US Treasury Department (Treasury) and other US government agencies including law enforcement to develop these one-day exercises aimed at improving the cyberthreat response within the US financial sector.
Simulations mimic a variety of attacks. Participants include members of both the public and private sectors, so that results can be formed into improved public/private coordination strategies.
*These exercises are specific to US-based financial institutions
With help from numerous contributors, FS-ISAC has created the Financial Sector Crisis Response Framework, a structured and standardized approach for the sector to manage cyber-attacks. From this broader Framework (formerly known as the All-Hazards Crisis-Response Playbook), FS-ISAC has
created regional playbooks to address specific geographies. Playbook drills focus on coordinating trusted information sharing and crisis response by adhering to the common, structured process defined in the playbooks.
Regional Exercises and Workshops
Custom-designed exercises that are tailored for your organization’s environment. Such exercises can target threats that are specific to a particular region, to organizations of a specific size or financial segment and adaptable to your institution's highest priority.
We enjoyed working with representatives from other organisations and saw firsthand the impact that collaboration and information sharing had on the participants’ decision-making and response times. We look forward to strengthening the relationships that we developed during the exercise and we will encourage others in the industry to communicate with their peers more to improve the overall resilience of the financial services sector.”
Fill out the form to join our mailing list.