• Cyber-Attack Against Insurance Systems (CAIS)

    Cyber-Attack Against Insurance Systems (CAIS)

    How would your insurance institution respond to a cyber-attack?

    Test your incident response team’s ability to respond to a cyber-attack or incident during this confidential, tabletop virtual exercise. Designed by FS-ISAC’s Insurance Risk Council (IRC) exercise team, CAIS allows your organization to evaluate current risk mitigation procedures, identify potential gaps in planning, playbooks and processes, and develop appropriate mitigation recommendations in response to the types of attacks used in this exercise.

    Upon completion of the exercise, participants will receive an after-action report highlighting lessons learned from the exercise and categorized benchmark results.

    See how your business practices stack up based on aggregated participants’ responses. This is a free exercise open to insurance industry cybersecurity professionals, including FS-ISAC members and non-members. 

    For more information, email CAIS@fsisac.com.

  • Cyber-Attack Against Payment Systems (CAPS)

    Cyber-Attack Against Payment Systems (CAPS)

    Build a stronger incident response team

    The CAPS exercise challenges incident response teams to overcome a simulated attack against financial institution systems and processes. Participants practice mobilizing quickly, working under pressure and recognizing critical intelligence to defend against an attack.

    Developed as a real-world scenario, outcomes include:

    • Stronger team relationships and increased cross-functional knowledge;
    • Clearer internal understanding of system vulnerabilities;
    • Improvements in response plans.
    • Gain maximum benefit with minimal resources:
    • Participate from your premises or remotely via computer sharing using virtual, confidential exercise materials;
    • Teams spend a few hours working the incident each day;
    • Receive unattributed peer data to compare your response to other organizations.

    CAPS is available to all regulated depository financial institutions for $175 per institution. Please review Frequently Asked Questions for more information or contact us at CAPS@fsisac.com. FS-ISAC reserves the right to decline participation.

    See Next CAPS Exercise

  • Cyber-Range Exercises

    Cyber-Range Exercises

    Improve your defense and response skills to a real-world cyber-attack

    A one-day, hands-on-keyboard exercise in which participants observe and respond to different types of real-world attacks such as ransomware, business email compromise or cloud leak. Teams work together to investigate the attack, determine the initial threat vector, lateral movement within the network and identify methods for improving defenses. FS-ISAC’s cyber-range exercises are conducted both virtually and onsite with 30-40 participants, enabling attendees to readily share insights and arrive at solutions with peers.

    Participants experience technical training and management interaction with guidance and knowledge from industry experts, as well as peers. During the exercise, participants:

    • Learn the setup and orientation of a simulated bank.com environment and its tools
    • Use defensive and forensics tools for analysis and trouble-ticket writing
    • Practice individual active defense and investigative techniques to defend against an attack or mitigate an attack’s impact on operations and customers
    • Build relationships with local law enforcement
    • Share lessons learned and ideas for future events
    • Receive and use a proven incident response playbook and checklists

    See Upcoming Exercises

  • Hamilton Series

    Hamilton Series

    Simulating a variety of plausible cybersecurity incidents or attacks

    FS-ISAC partners with the Financial Services Sector Coordinating Council (FSSCC), US Treasury Department (Treasury) and other US government agencies including law enforcement to develop these one-day exercises aimed at improving the cyberthreat response within the US financial sector.
    Simulations mimic a variety of attacks. Participants include members of both the public and private sectors, so that results can be formed into improved public/private coordination strategies.

    *These exercises are specific to US-based financial institutions 

    Become a Member

  • Playbook Drills

    Playbook Drills

    Standardized approach to combating cyber-attacks in the financial sector

    With help from numerous contributors, FS-ISAC has created the Financial Sector Crisis Response Framework, a structured and standardized approach for the sector to manage cyber-attacks. From this broader Framework (formerly known as the All-Hazards Crisis-Response Playbook), FS-ISAC has
    created regional playbooks to address specific geographies. Playbook drills focus on coordinating trusted information sharing and crisis response by adhering to the common, structured process defined in the playbooks.

    Request More Information

  • Regional Exercises and Workshops

    Regional Exercises and Workshops

    Regional coalitions and exercises for small and mid-sized institutions

    Custom-designed exercises that are tailored for your organization’s environment. Such exercises can target threats that are specific to a particular region, to organizations of a specific size or financial segment and adaptable to your institution's highest priority.

    Request More Information

We enjoyed working with representatives from other organisations and saw firsthand the impact that collaboration and information sharing had on the participants’ decision-making and response times. We look forward to strengthening the relationships that we developed during the exercise and we will encourage others in the industry to communicate with their peers more to improve the overall resilience of the financial services sector.

Carlo Hopstaken - CISO and Head of Cyber Assurance Testing, UBS

FS-ISAC’s exercise program enables member institutions to develop a deeper, more comprehensive understanding of their role within the financial ecosystem, their cyber-risk profile and associated critical dependencies.

Download Exercises Overview

Sign up for FS-ISAC updates

You will receive a monthly roundup of industry and FS-ISAC event updates.

Fill out the form to join our mailing list.

Sign Up