Collaborating to Ensure the Global Financial System Stays Operational
Through exercises, firms build the muscle memory required for strong incident response. In 2023, FS-ISAC significantly expanded its breadth and scope of exercise offerings, from enabling more than 10,000 cyber practitioners to practice responding to real-world scenarios to multi-sector crisis response coordination.
The key components of our resilience program
FS-ISAC offers a wide variety of exercises for individual firms; for the sector at national and regional levels; as well as through public-private and cross-sector relationships around the world.
Learn. Connect. Collaborate.9 March 2025
SAAS Third Party Outage
FS-ISAC Tabletop Exercise
Practice with the latest active defence techniques to protect your network from an attack and mitigate its impact on operations.
18 October 2024 - 28 March 2025
Virtual | Materials Only
CAPS Postseason | Banking
Discussion-based exercise in which organizations walk through a real-world scenario in their own time
18 October 2024 - 28 March 2025
Virtual | Materials Only
CAPS Postseason | Insurance
Discussion-based exercise in which organizations walk through a real-world scenario in their own time
18 October 2024 - 28 March 2025
Virtual | Materials Only
CAPS Postseason | Securities & Investments
Discussion-based exercise in which organizations walk through a real-world scenario in their own time
Our exercise scenarios are based on the sector’s latest threat intelligence and are customized to a range of sector verticals as well as technical expertise. From hands-on-keyboard technical exercises to strategic level tabletops, our exercises help members upskill their teams, benchmark against peers, and understand how the sector is working to constantly evolve its resilience through cross-sector and public-private exercises around the world.
Exercises are open to members only
1
Exercise-in-a-box customized for banking, insurance, and securities to run on their own time
CAPS is a discussion-based exercise in which organizations walk through a real-world scenario in their own time and respond to a series of questions on how they would respond. The goal of CAPS is to help organizations to create stronger cross-functional relationships, improve incident response plans, and gain a clearer understanding of system vulnerabilities.
The CAPS exercise challenges incident response teams to overcome a simulated attack against a fictional financial services organization. Participants practice mobilizing quickly, working under pressure and recognizing critical intelligence to defend against an attack.
CAPS is available to all members, with three separate versions for Banking, Insurance, and Securities & Investments. Members in all Tiers receive CAPS as part of annual membership fees.
Banking FAQ
Insurance FAQ
Securities & Investments FAQ
2
Hands-on keyboard simulation, real-world experience
As new cyber challenges emerge, it is critical for security teams to get hands-on practice at cyber defense. Our cyber range program, powered by ImmersiveLabs, helps members get real-world experience in responding to new cyber threats while benefiting from the knowledge of industry peers in a secure and trusted environment.
Exercises are structured to provide participants with:
To register:
1. Login via Intelligence Exchange
2. Select the Member Services icon
3. Select the Event/Training tab
4. Select the desired exercise
If you are a member and do not have an Intelligence Exchange account, please contact FS-ISAC Admin.
3
Act out response processes, assess interactions
As part of its continuing support of the sector’s broad preparedness and operational resilience efforts, FS-ISAC’s Steel Resolve exercise provides an environment for participants to act out their policies and procedures in real-time in response to a large-scale attack on a global financial institution.
Steel Resolve is a significant step in the sector’s ability to observe and assess incident response capabilities at the firm level, the interaction between firms, and the public-private partnership activities.
Through this exercise we identify opportunities to improve information sharing and sector coordination across FS-ISAC committees. These recommendations get incorporated into FS-ISAC’s playbook to improve its ability to support the incident management process.
4
Strategic discussions on a wide range of scenarios
FinCyber Today UK: Focused on improving operational resilience in the EMEA region by exploring a significant disruption to the operational capability of a section of the financial sector.
Post-Quantum Computing: Focused on developing incident response strategies for post-quantum computing and its implementation throughout the financial sector.
Sheltered Harbor: Tests current Sheltered Harbor incident response frameworks and advances ongoing collaboration for future improvement to policies and procedures.
MRT & Communications: Tests the current response framework of FS-ISAC’s Media Response Team during an incident and focuses on improving communications outcomes.
FS-ISAC partners with the Financial Services Sector Coordinating Council (FSSCC), US Treasury Department and other US government agencies including law enforcement to develop these one-day exercises aimed at improving the cyber threat response within the US financial sector.
Simulations mimic a variety of attacks. Participants include members of both the public and private sectors, so that results can be formed into improved public/private coordination strategies.
Insider Threat: Tests organizational and sector response frameworks to an insider threat in order to understand and improve current policies and procedures.
Incident Comms & Messaging: Advances public-private strategic communications and messaging and ongoing collaboration with public affairs offices to continuously improve tailored messaging in response to an incident.
*Hamilton exercises are specific to US-based financial institutions
5
International in scope, collaborative in practice
Tri-Sector: Tests the Tri-Sector Playbook created with the energy and telecommunications sectors to unearth potential improvements to the framework.
Locked Shields: An international, operations-based exercise organized by NATO’s CCDCOE, enabling cybersecurity experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks, as well as testing strategic level response. See more here.
CyberStorm: An operations-based exercise hosted by the US CISA, designed to bring together the public and private sectors to simulate discovery of and response to a significant cyber incident impacting the United States’ critical infrastructure.
National Level Exercise: Run by the US’ FEMA, NLEs provide the opportunity for all levels of government, the private sector, nongovernmental organizations, and community groups to test operational capabilities, evaluate policies and plans, familiarize personnel with roles and responsibilities, and foster meaningful interaction and communication across the country.
GridEx: A biennial exercise hosted by North American Electric Reliability Corporation’s (NERC) E-ISAC, GridEx gives E-ISAC member and partner organizations a forum to practice response to and recovery from coordinated cyber and physical security threats and incidents.
For our Tier 5-8 members, FS-ISAC’s Learn offers tailored learning opportunities for financial services staff at every level. Over 2000 online courses meet associates where they are to sharpen their cyber defense skills, elevate their cyber resilience practices, and reduce their institutions’ cybersecurity risk.
Interesting as ever to see where other jurisdictions are on some of these issues.”
As an employee that leads our cyber exercising, I found it extremely valuable to witness an operations-based test as we want to continue our exposure to this style of testing internally and externally.”
Being the bank's IT officer, I struggle to keep up with testing and most of the time lack the ability to come up with good scenarios. I registered for this exercise thinking, why not, could be beneficial? Holy Cow, I loved it!”
Interesting as ever to see where other jurisdictions are on some of these issues.”
As an employee that leads our cyber exercising, I found it extremely valuable to witness an operations-based test as we want to continue our exposure to this style of testing internally and externally.”
Being the bank's IT officer, I struggle to keep up with testing and most of the time lack the ability to come up with good scenarios. I registered for this exercise thinking, why not, could be beneficial? Holy Cow, I loved it!”
FS-ISAC Releases Critical Guidance on Subsea Cable Risks for Financial Firms
[Cyber Magazine] FS-ISAC CISO Talks Cyber Strategies for Financial Providers
[Cyber Magazine] FS-ISAC CISO Talks Cyber Strategies for Financial Providers
[Risk.net] Let’s Grow the Third-Party Risk Playbook – CME Security Chief
[UK Finance] Financial Sector Preparations for Malicious AI use
[UK Finance] Financial Sector Preparations for Malicious AI use
[UK Finance] Financial Sector Preparations for Malicious AI use
[CSO Online] Cyber Resilience: A Business Imperative CISOs Must get Right
[CSO Online] Cyber Resilience: A Business Imperative CISOs Must get Right
[CSO Online] Cyber Resilience: A Business Imperative CISOs Must get Right
[POLITICO Weekly Cybersecurity] The Red Flags Over South Korean Voting Tech
FS-ISAC Represents Global Financial Sector in Cyber Defense Exercise Locked Shields
[Banking Risk & Regulation] Does Your Bank Have a Robust Independent Cyber Security Risk Team?
[Banking Risk & Regulation] Does Your Bank Have a Robust Independent Cyber Security Risk Team?
[TNBT] APAC's Digital Boom: Why Cyber Resilience is the New Security Imperative for Financial Services
[TNBT] APAC's Digital Boom: Why Cyber Resilience is the New Security Imperative for Financial Services
[Banking Risk & Regulation] Banks ‘Woefully Underprepared’ for AI Cyber Attacks
[Banking Risk & Regulation] Banks ‘Woefully Underprepared’ for AI Cyber Attacks
[ABA Risk and Compliance] Gather around the table
[ABA Risk and Compliance] Gather around the table
[iTWire] Adapting to the Quantum Shift: Cultivating Business Resilience
[CSO Online] Proactive, not Reactive: The Path to Ensuring Operational Resilience in Cybersecurity
[CSO Online] Proactive, not Reactive: The Path to Ensuring Operational Resilience in Cybersecurity
Peer-Benchmarked Threat Resilience Metrics
© Copyright 1999 - FS-ISAC, Inc. All Rights Reserved.