BankInfoSecurity.com - Information Security News, Regulations, & Education

Just Released: Our Online Webinar Catalog

Bank Information Security Articles

Cyber Attack Exercise Planned

Credit
EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

Financial Services Industry to Participate in Simulation to Test Security Measures

January 7, 2010 - Linda McGlasson, Managing Editor

Save

Digg

Delicious

Please login or register to save this article.

Comment on this article

How prepared is the financial services industry in the event of a cyber attack?

The Financial Services Information Sharing and Analysis Center (FS-ISAC), a national industry forum, will conduct Cyber Attack Against Payment Processes (CAPP), an exercise to measure the ability of financial institutions, payment processors, businesses and retailers to respond and recover from major cyber incidents.

The nationwide simulation exercise, slated for February 9-11, will be in the form of a virtual tabletop exercise, similar to what the industry did during the pandemic preparation testing in 2007, says Bill Nelson, FS-ISAC's CEO and president.

"We are pleased with the industry response and support we have received for conducting the CAPP exercise," says Nelson. He adds that support for the event has already come from NACHA and the Regional Payments Associations, American Bankers Association, Independent Community Bankers Association, Association for Financial Professionals, U.S. Chamber of Commerce, BITS Financial Services Roundtable, Federal Reserve Retail Payment Office and FS-ISAC membership, including the Payments Processor Information Sharing Council.

Main Objectives
The exercise is open to all in the industry. The exercise's goals are:

To raise awareness, educate, and test the ability of financial services firms, card processors, businesses and retailers to respond to major cyber attack incidents;
Make recommendations for improvements to cyber incident response procedures;
Evaluate and develop appropriate risk mitigation recommendations in response to the cyber payments attacks used in the exercise;
Engage participants going forward on the need to share threat, vulnerability and incident information;
Develop an after action report that can be used for workshops, webinars and ongoing educational sessions regarding the lessons learned from the exercise.

Click to Get Updates on the Latest Information Security News

Company*

Title*

Email*

Subscription Type:

Healthcare Enews

General Healthcare Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Government Enews

General Government Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Banking Enews

General Banking Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Credit Union Enews

General Credit Union Enews
Blogs Enews
Careers Enews
Training Enews
Webinars Enews
Podcasts Enews
White Papers Enews

Need Help?

The industry-wide exercise comes a little over one year after news of the Heartland Payment Systems breach was made public. That breach of an estimated 130 million accounts, thought to be the largest breach ever reported, is one of the unstated reasons for the exercise, along with the increasing number of cyber attacks being made against U.S. government computer networks and infrastructure.

Three Different Attacks
The exercise is designed to present a new attack scenario to participants on each of the three days. "Participants will activate their own internal response procedures based on the scenario received, and will complete an anonymous survey provided with the scenario to evaluate their emergency response," Nelson says. At the end, FS-ISAC will share the aggregated data with participants and identify key lessons learned, areas for improvement, and recommended best practices.

"When cybersecurity threats occur, swift and well-planned reactions can mean the difference between business continuity and business catastrophe," says Nelson. "This is especially true with cyber attacks against payment processes."

Banks, credit unions, other financial institutions, retailers, card processors and businesses of all sizes are invited to participate in the exercise. Nelson There is no charge to take part in the exercise, and participants will receive an after-action report including best practices and mitigation techniques. For more information, visit www.fsisac.com/capp. Deadline to register is January 29.

Next Related Article:

Dodd Unveils New Vision of Financial Regulatory Reform

Will you participate in this cyber exercise? Why or why not?

Here's your chance to be a part of the dialogue and engage with your peers! Just enter your comment to the right, click submit to send it to our Editor. All entries are posted anonymously.

Please login if you would like to post a comment on this question.

Topics of Interest

PCI DSS

Reducing the Cost of Achieving PCI Compliance
Automated, Continuous PCI Compliance

ITIL

Facing an IT Audit - How would your institution fare?

Web Security

How to Protect Your Online Banking Systems from Web Malware Attacks
Moving Towards Electronic Business Processes for Financial Services

Phishing

Online Transaction Origination: Ensuring Customer Confidence & Trust
Man-in-the-Middle Attacks: Helping to Eliminate the Threat Without Impacting the Business

Patriot Act

Money-Laundering Update: Kevin Sullivan on Emerging Threats
Cross-Border Money Laundering Threats

Debit, Credit, Prepaid Cards

BankInfoSecurity.com Week in Review: Aug. 6, 2010
BankInfoSecurity.com Week in Review: Aug. 20, 2010

Latest Tweets & Mentions

Recent Content
Most Popular

1Heartland, Discover Settle at $5 Million
2How to Protect Consumers from ID Theft
3The Mobile Mandate
4Church Latest Victim of ACH Fraud
5Video: Why Cyber Challenge is Needed
6FDIC: 829 Troubled Banks
7ID Theft: Courts Cracking Down
810 Tips to Thwart Skimming
9Skimming: Old Crime, New Tools
10Key Elements of Risk Management

1Failed Banks and Credit Unions, 2010
22010 Data Breach Timeline
3Pay-At-The-Pump Skimming on the Rise
4Account Takeover: The New Wrinkle
5Tapping the Power of Social Media
6ATM Skimming: How Effective is Jitter?
741 Banking Breaches So far in 2010
8New Fraud Spree Investigated
9Social Media Policy - The 6 Essentials
10FDIC: Top 5 Fraud Threats

BankInfoSecurity.com Research

Podcast:Mortgage Fraud: Compliance to be a Challenge
Webinar:Time: The Hidden Risks -- How to Create Compliant Time Practices
Handbook:2010 Webinar Catalog
White Paper:Understanding Man-in-the-Browser Attacks and Addressing the Problem
Regulation:FHFA: Issues Subpoenas for PLS Documents

Recent Blog Entries

Be Mindful of Insider Fraud Against Seniors

California's Financial Abuse Reporting Act, SB 1018, which r…

Read The Agency Insider by Linda McGlasson

Vendor Solutions

Intrusion Inc.

Solutions For:

Data Privacy, Email Security, Identity Theft Prevention
3i Infotech

Solutions For:

Anti-Money Laundering, Fraud Detection

Marketplace

Information Security Media Group - Family of Websites

Banking

BankInfoSecurity.com
Careers
Blogs

Credit Unions

CUInfoSecurity.com
Careers
Blogs

Government

GovInfoSecurity.com
Careers
Blogs

Healthcare

HealthcareInfoSecurity.com
Careers
Blogs

About Us
Contact Us
Site Map
Terms of Service
Advertise
RSS

BankInfoSecurity NewsGet the RSS Feed
Agency ReleasesGet the RSS Feed
Latest ArticlesGet the RSS Feed
WebinarsGet the RSS Feed
BankInfoSecurity.com BlogGet the RSS Feed

Home
Training
Resources
Content Library
- Agency Releases
- Articles
- Handbooks
- Podcasts
- Surveys
- Webinars | Calendar
- White Papers
Careers
Blog

Advanced Search

Browse Topics

Agencies

Federal Deposit Insurance Corp
Federal Reserve Board
Federal Trade Commission
FFIEC
FHFA
FinCEN
Government Accountability Office
National Credit Union Admin.
NIST
Office Comptroller of Currency
Office of Thrift Supervision

Anti-Money Laundering

Banking Today

Confidence In Banking

Business Continuity & Disaster Recovery

Pandemic Preparation

Compliance

Bank Secrecy Act
Basel II
CA Bill 1386
E-SIGN Act
FACTA
Gramm-Leach-Bliley Act
Guidance
Identity Theft Red Flags Rule
NCUA Part 748
Patriot Act
PCI DSS
Sarbanes-Oxley Act

Emerging Technology

Application Security
Authentication
Cloud Computing
Data Loss
Encryption
GRC
ID Access & Management
Messaging
Mobile Banking
Network/Perimeter
Remote Capture
SIM/SEM
Social Media
Storage
Web Security

Fraud

ACH
ATM
Check
Debit, Credit, Prepaid Cards
First Party
Insider
Mortgage
Payments
Wire

Governance & Standards

BITS
Cobit
COSO
FFIEC Handbook
ISO
ITGI
ITIL
PCAOB

Identity Theft

Pharming
Phishing
Skimming

Leadership & Management

Physical Security

Biometrics

Risk Management

HR
Incident Response
Information Security Compliance
Insider Threat
IT Audit
Privacy
Risk Assessment
Social Engineering
Vendor Management

Training & Education

FHFA: Issues Subpoenas for PLS Documents..Next Topic
The Electronic Funds Transfer (EFT) Act - Regulation E..Next Topic
The Electronic Funds Transfer (EFT) Act - Regulation E..Next Topic
DoJ: Report to Congress on Implementation of Section 1001 of the USA PATRIOT Act..Next Topic
FFIEC Issues 2009 Mortgage Fraud White Paper:The Detection and Deterrence of Mortgage..Next Topic
FDIC: Fraudulent Work-at-Home Funds Transfer Agent Schemes..Next Topic
Joint Statement by Education Secretary Duncan, Homeland Security Secretary Napolitano and..Next Topic
Obama's Cyberspace Policy Review: Assuring a Trusted and Resilient Information and..Next Topic
Obama's Cyberspace Policy Review: Assuring a Trusted and Resilient Information and..Next Topic
NIST: PIV Card Application and Middleware Interface Test Guidelines, SP800-85A-1..Next Topic

A-
A
A+