Cyber-Attack Against Insurance Systems (CAIS)
Test your incident response team’s ability to respond to a cyber-attack or incident during this confidential, tabletop virtual exercise. Designed by FS-ISAC’s Insurance Risk Council (IRC) exercise team, CAIS allows your organization to evaluate current risk mitigation procedures, identify potential gaps in planning, playbooks and processes, and develop appropriate mitigation recommendations in response to the types of attacks used in this exercise.
Upon completion of the exercise, participants will receive an after-action report highlighting lessons learned from the exercise and categorized benchmark results.
See how your business practices stack up based on aggregated participants’ responses. This is a free exercise open to insurance industry cybersecurity professionals, including FS-ISAC members and non-members.
For more information, email CAIS@fsisac.com.
Cyber-Attack Against Payment Systems (CAPS)
The CAPS exercise challenges incident response teams to overcome a simulated attack against financial institution systems and processes. Participants practice mobilizing quickly, working under pressure and recognizing critical intelligence to defend against an attack.
Developed as a real-world scenario, outcomes include:
CAPS is available to all regulated depository financial institutions for $175 per institution. Please review Frequently Asked Questions for more information or contact us at CAPS@fsisac.com. FS-ISAC reserves the right to decline participation.
A one-day, hands-on-keyboard exercise in which participants observe and respond to different types of real-world attacks such as ransomware, business email compromise or cloud leak. Teams work together to investigate the attack, determine the initial threat vector, lateral movement within the network and identify methods for improving defenses. FS-ISAC’s cyber-range exercises are conducted both virtually and onsite with 30-40 participants, enabling attendees to readily share insights and arrive at solutions with peers.
Participants experience technical training and management interaction with guidance and knowledge from industry experts, as well as peers. During the exercise, participants:
FS-ISAC partners with the Financial Services Sector Coordinating Council (FSSCC), US Treasury Department (Treasury) and other US government agencies including law enforcement to develop these one-day exercises aimed at improving the cyberthreat response within the US financial sector.
Simulations mimic a variety of attacks. Participants include members of both the public and private sectors, so that results can be formed into improved public/private coordination strategies.
*These exercises are specific to US-based financial institutions
With help from numerous contributors, FS-ISAC has created the Financial Sector Crisis Response Framework, a structured and standardized approach for the sector to manage cyber-attacks. From this broader Framework (formerly known as the All-Hazards Crisis-Response Playbook), FS-ISAC has
created regional playbooks to address specific geographies. Playbook drills focus on coordinating trusted information sharing and crisis response by adhering to the common, structured process defined in the playbooks.
Regional Exercises and Workshops
Custom-designed exercises that are tailored for your organization’s environment. Such exercises can target threats that are specific to a particular region, to organizations of a specific size or financial segment and adaptable to your institution's highest priority.
We enjoyed working with representatives from other organisations and saw firsthand the impact that collaboration and information sharing had on the participants’ decision-making and response times. We look forward to strengthening the relationships that we developed during the exercise and we will encourage others in the industry to communicate with their peers more to improve the overall resilience of the financial services sector.”
Fill out the form to join our mailing list.