Topic: RMF ATO vs. Security Program
Speaker: Dr. Rampaul Hollington and Stephen Brewster
CPE Hours:
A security program provides an end-to-end, comprehensive view of all risks related to the use of the DoD Information System. A sound security program takes into account the tone and culture of Tier 1, 2 organizations, and the operational issues within Tier 3 organizations. In summary, the framework will enable the system owner to understand, communicate, and manage system risk. This process correlates to existing risk related components within the current ISACA frameworks, i.e., COBIT and Val IT.
Learning Objectives:
The implementation of the Risk Management Framework in a DoD environment has resulted in a focus on obtaining an ATO. The system owner rarely achieves the implementation of the security program that enables natural risk acceptance.
- There will be an open discussion among members of the Control and Package approval chains.
- We will explore the concepts, strategies, and purpose of a security program within the DoD RMF process.
- Participants will gain a deeper understanding of how their current position as contractors or government civilians can enable the development of a security program.
Dr. Rampaul Hollington is a 21 year retired US Army Chief Warrant Officer 3. Dr. Hollington served our nation as an Information Assurance Manager, an Information Assurance Security Officer, Information System Security Officer and COMSEC Custodian. Over the past 12 years, Dr. Hollington worked in support of Cyber programs for the Missile Defense Agency, the US Army, the US Air Force, and the Defense Security Service. He currently serves as a Cybersecurity Consultant and RMF SME and an adjunct professor of Cybersecurity. Dr. Hollington’s industry certifications include ISC2 CISSP, ISACA CISM, SANS GICSP, and CompTIA Security Plus. He holds a Bachelor Degree of Business Administration, a Master of Science Degree in Management, and a Doctorate of Science degree in the field of Cybersecurity.
Mr. Stephen Brewster has 15 years of experience supporting the warfighter through software assurance, systems integration and testing, and cybersecurity governance and risk management. Mr. Brewster has led software development efforts and has integrated software assurance tools, standards, and processes into system development lifecycles. Mr. Brewster served as the federal division cybersecurity manager of a facility-related control systems (FRCS) provider. He has presented on the topic of risk management framework around the world in support of the Army Corps of Engineers, Society of American Military Engineers, Navy, Air Force, and Army. Mr. Brewster holds the following industry certifications: ISC2 CISSP, ISACA CISM & CISA, SANS GICSP, and CompTIA Security Plus. He holds a Bachelor Degree of Computer Science and a Master of Science Degree in Information Assurance Engineering.