• Cyber-Attack Against Insurance Systems (CAIS)

    Cyber-Attack Against Insurance Systems (CAIS)

    How would your insurance institution respond to a cyber-attack?

    Test your incident response team’s ability to respond to a cyber-attack or incident during this confidential, tabletop virtual exercise. Designed by FS-ISAC’s Insurance Risk Council (IRC) exercise team, CAIS allows your organization to evaluate current risk mitigation procedures, identify potential gaps in planning, playbooks and processes, and develop appropriate mitigation recommendations in response to the types of attacks used in this exercise.

    Upon completion of the exercise, participants will receive an after-action report highlighting lessons learned from the exercise and categorized benchmark results.

    See how your business practices stack up based on aggregated participants’ responses. This is a free exercise open to insurance industry cybersecurity professionals, including FS-ISAC members and non-members. 

    For more information, email exercises@fsisac.com

  • Cyber-Attack Against Payment Systems (CAPS)

    Cyber-Attack Against Payment Systems (CAPS)

    Build a stronger incident response team

    CAPS challenges your incident response team to overcome a simulated attack on payment systems and processes. Participants practice mobilizing quickly, working under pressure, critically appraising information as it becomes available and connecting the cyberdots to defend against an attack.

    Participating in the exercise helps your team:

    • Gain maximum benefit with minimal resources.
    • Strengthen team relationships and cross-functional knowledge.
    • Develop a clearer understanding of system vulnerabilities.
    • Explore improvements in response processes and build stronger response plans.

    You take part from your own premises using our materials in a virtual, confidential tabletop exercise. The exercise requires about two hours each day. 

    See Next CAPS Exercise

  • Cyber-Range Exercises

    Cyber-Range Exercises

    Improve your defense and response skills to a real-world cyber-attack

    A one-day, hands-on-keyboard exercise in which participants observe and respond to different types of attacks such as ransomware or business email compromise. Teams share and review results, identify methods for improving defenses, then re-run the simulated attack to see if the suggested mitigation techniques improve results. These exercises are usually conducted in a single location (remote participation is optional) with 20-30 participants, enabling attendees to readily share insights and arrive at solutions with peers.

    Participants experience technical training and management interaction with guidance and knowledge from industry experts, as well as peers. During the exercise, participants:

    • Learn the setup and orientation of a simulated Bank.com environment and its tools.
    • Explore defensive tools for analysis and trouble-ticket writing for an attack.
    • Practice individual active defense techniques that could defend your network from an attack and mitigate its impact on operations.
    • Build relationships with local law enforcement.
    • Share lessons learned and ideas for future events.
    • Receive a proven playbook and checklists.

    See Upcoming Exercises

  • Hamilton Series

    Hamilton Series

    Simulating a variety of plausible cybersecurity incidents or attacks

    FS-ISAC partners with the Financial Services Sector Coordinating Council (FSSCC), US Treasury Department (Treasury) and other US government agencies including law enforcement to develop these one-day exercises aimed at improving the cyberthreat response within the US financial sector.
    Simulations mimic a variety of attacks. Participants include members of both the public and private sectors, so that results can be formed into improved public/private coordination strategies.

    *These exercises are specific to US-based financial institutions 

    Become a Member

  • Playbook Drills

    Playbook Drills

    Standardized approach to combating cyber-attacks in the financial sector

    With help from numerous contributors, FS-ISAC has created the Financial Sector Crisis Response Framework, a structured and standardized approach for the sector to manage cyber-attacks. From this broader Framework (formerly known as the All-Hazards Crisis-Response Playbook), FS-ISAC has
    created regional playbooks to address specific geographies. Playbook drills focus on coordinating trusted information sharing and crisis response by adhering to the common, structured process defined in the playbooks.

    Request More Information

  • Regional Exercises and Workshops

    Regional Exercises and Workshops

    Regional coalitions and exercises for small and mid-sized institutions

    Custom-designed exercises that are tailored for your organization’s environment. Such exercises can target threats that are specific to a particular region, to organizations of a specific size or financial segment and adaptable to your institution's highest priority.

    Request More Information

We enjoyed working with representatives from other organisations and saw firsthand the impact that collaboration and information sharing had on the participants’ decision-making and response times. We look forward to strengthening the relationships that we developed during the exercise and we will encourage others in the industry to communicate with their peers more to improve the overall resilience of the financial services sector.

Carlo Hopstaken - CISO and Head of Cyber Assurance Testing, UBS

FS-ISAC’s exercise program enables member institutions to develop a deeper, more comprehensive understanding of their role within the financial ecosystem, their cyber-risk profile and associated critical dependencies.

Download Exercises Overview

Sign up for FS-ISAC updates

You will receive a monthly roundup of industry and FS-ISAC event updates.

Fill out the form to join our mailing list.

Sign Up