<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=6226337&amp;fmt=gif">

FS-ISAC | Exercises

Build the muscle memory to respond to cyber attacks

18 October 2024 - 28 March 2025
Virtual | Materials Only

CAPS Postseason | Banking

____________

Discussion-based exercise in which organizations walk through a real-world scenario in their own time

18 October 2024 - 28 March 2025
Virtual | Materials Only

CAPS Postseason | Insurance

____________

Discussion-based exercise in which organizations walk through a real-world scenario in their own time

18 October 2024 - 28 March 2025
Virtual | Materials Only

CAPS Postseason | Securities & Investments

____________

Discussion-based exercise in which organizations walk through a real-world scenario in their own time

True business resilience means being prepared for whatever comes

Through exercises, firms build the muscle memory required for strong incident response. In 2022, FS-ISAC significantly expanded its breadth and scope of exercise offerings, from enabling more than 10,000 cyber practitioners to practice responding to real-world scenarios to coordinating the financial sector’s participation in the world’s largest live-fire cyber exercise. 
 

Our exercise scenarios are based on the sector’s latest threat intelligence and are customized to a range of sector verticals as well as technical expertise. From hands-on-keyboard technical exercises to strategic level tabletops, our exercises enable you to upskill your teams, benchmark yourself against peers, and understand how the sector is working to constantly evolve its resilience through cross-sector and public-private exercises around the world. 

Exercises are open to members only.  Talk to our Exercises Team

In Our Members' Words

See what our community is saying

Beate Zwijnenberg

CISO, ING

 Driven by member-curated content, FS-ISAC continues to enhance sectoral efforts to meet the ever-present threat posed by cyber criminals. In particular, the available workshops and technical exercises have proven invaluable in helping enhance organizacional preparedness.

Glenn Foster

CISO, TD Bank Group

 As financial institutions look to operate with sound cuber resiliency to enable secure and stable operations, the FS-ISAC cyber exercises allow our teams to remain current on cyber trends to identify learnings and test our responses, while keeping our customers and colleagues safe.

Carlo Hopstaken

CISO, UBS

 We enjoyed working with representatives from other organizations and saw firsthand the impact that collaboration and information sharing had on the participants’ decision-making and response times.

Rachel Keller

Branch Manager, Vice President Preferred Bank

 I just want to say thank you! This functional exercise has been phenomenal!! I wanted to put a cyber incident spin on my side so I threw out my scenario twist this morning. Such a wonderful learning tool and can’t wait to have other people participate next time!

More than 10,000 cyber practitioners trained

Participants from 30 countries

6 different types of exercises to choose from

Learn more about our offerings

1

CAPS:

On-demand access, benchmarked results

CAPS is a discussion-based exercise in which organizations walk through a real-world scenario in their own time and respond to a series of questions on how they would respond.  The goal of CAPS is to help organizations to create stronger cross-functional relationships, improve incident response plans, and gain a clearer understanding of system vulnerabilities. 

The CAPS exercise challenges incident response teams to overcome a simulated attack against a fictional financial services organization. Participants practice mobilizing quickly, working under pressure and recognizing critical intelligence to defend against an attack. 

  • Participate from your premises or remotely via computer sharing using virtual, confidential exercise materials
  • Teams spend three to six hours on the two-part scenario
  • Receive unattributed peer data to compare your response to other organizations 

CAPS is available to all members, with three separate versions for Banking, Insurance, and Securities & Investments. Members in Tiers 1-5 receive CAPS as part of annual membership fees. Members in Tiers 6-8 make payment of US$ 175 by card when registering. FS-ISAC reserves the right to decline participation. 

Banking FAQ

Insurance FAQ

Securities & Investments FAQ

Contact us

2

Cyber Range:

Hands-on keyboard simulation, real-world experience

As new cyber challenges emerge, it is critical for security teams to get hands-on practice at cyber defense. Our cyber range program, powered by ImmersiveLabs, helps our members get real-world experience in responding to new cyber threats while benefiting from the knowledge of industry peers in a secure and trusted environment. 

Exercises are structured to provide participants with: 

  • Defensive tools for attack analysis
  • Network defense techniques
  • Proven playbooks and checklists to integrate into incident response plans
     

Register via Intel X

To register: 

1. Login via Intelligence Exchange 

2. Select the Member Services icon 

3. Select the Event/Training tab 

4. Select the desired exercise 

Register via Intel X


If you are a member and do not have an Intelligence Exchange account, please contact FS-ISAC Admin.

3

Functional:

Act out response processes, assess interactions

As part of its continuing support of the sector’s broad preparedness and operational resilience efforts, FS-ISAC’s Steel Resolve exercise provides an environment for participants to act out their policies and procedures in real-time in response to a large-scale attack on a global financial institution. 

Steel Resolve is a significant step in the sector’s ability to observe and assess incident response capabilities at the firm level, the interaction between firms, and the public-private partnership activities. 

Through this exercise we identify opportunities to improve information sharing and sector coordination across FS-ISAC committees. These recommendations get incorporated into FS-ISAC’s playbook to improve its ability to support the incident management process. 

4

Tabletop:

Strategic discussions on a wide range of scenarios

FS-ISAC Tabletop Exercises 

London FinCyber UK: Focused on improving operational resilience in the EMEA region by exploring a significant disruption to the operational capability of a section of the financial sector. 

Post-Quantum Computing: Focused on developing incident response strategies for post-quantum computing and its implementation throughout the financial sector. 

Sheltered Harbor: Tests current Sheltered Harbor incident response frameworks and advances ongoing collaboration for future improvement to policies and procedures. 

MRT & Communications: Tests the current response framework of FS-ISAC’s Media Response Team during an incident and focuses on improving communications outcomes.        


Hamilton Tabletop Exercises* 

FS-ISAC partners with the Financial Services Sector Coordinating Council (FSSCC), US Treasury Department and other US government agencies including law enforcement to develop these one-day exercises aimed at improving the cyber threat response within the US financial sector. 

Simulations mimic a variety of attacks. Participants include members of both the public and private sectors, so that results can be formed into improved public/private coordination strategies. 

Insider Threat: Tests organizational and sector response frameworks to an insider threat in order to understand and improve current policies and procedures. 

Incident Comms & Messaging: Advances public-private strategic communications and messaging and ongoing collaboration with public affairs offices to continuously improve tailored messaging in response to an incident. 

*Hamilton exercises are specific to US-based financial institutions 
 

5

Cross-Sector:

International in scope, collaborative in practice

Tri-Sector: Tests the Tri-Sector Playbook created with the energy and telecommunications sectors to unearth potential improvements to the framework. 

Locked Shields: An international, operations-based exercise organized by NATO’s CCDCOE, enabling cybersecurity experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks, as well as testing strategic level response. See more here

CyberStorm: An operations-based exercise hosted by the US CISA, designed to bring together the public and private sectors to simulate discovery of and response to a significant cyber incident impacting the United States’ critical infrastructure. 

National Level Exercise: Run by the US’ FEMA, NLEs provide the opportunity for all levels of government, the private sector, nongovernmental organizations, and community groups to test operational capabilities, evaluate policies and plans, familiarize personnel with roles and responsibilities, and foster meaningful interaction and communication across the country. 

GridEx: A biennial exercise hosted by North American Electric Reliability Corporation’s (NERC) E-ISAC, GridEx gives E-ISAC member and partner organizations a forum to practice response to and recovery from coordinated cyber and physical security threats and incidents. 

Related Content

Report

FS-ISAC leads financial sector in live-fire cyber exercise locked shields

Article

In the Poker Game of Ransomware, A Data Vault is Your Ace in the Hole

Article

Locked Shields ‘Live Fire’ Cyber Drills to be Held as War in Ukraine Continues

Article

Banks prepare for cyber-battle to promote cybersecurity awareness

Podcast

The Cyber Security Podcast from PwC UK: Why regulators are shining a spotlight on cyber resilience

Article

Strong Incident Response is Business-Critical

Exercises are open to members only - join today

Become a Member

 

Interested in learning more about our exercises?

Please fill out the form
and we will be in touch.