Dr. Rampaul Hollington completed 21 years in the US Army, retiring as a Chief Warrant Officer 3. While on active duty, Dr. Hollington served as an Information Assurance Manager, an Information Assurance Security Officer, Information System Security Officer and COMSEC Custodian. Over the past 11 years, Dr. Hollington worked in support of Cyber programs for the Missile Defense Agency, the US Army and the US Air Force. Dr. Hollington also served as a special agent with the Defense Security Agency, responsible for the Certification and Accreditation oversight of cleared contractor IT systems. He currently serves as a Cybersecurity Consultant and RMF SME and an adjunct professor of Cybersecurity. Dr. Hollington has expertise under the DoD Information Technology Security Certification and Accreditation Process (DITSCAP), the Defense Information Assurance Certification and Accreditation Process (DIACAP), the National Industrial Security Program Operating Manual (NISPOM), and the NIST Risk Management Framework. Dr. Hollington’s industry certifications include: ISC2 CISSP, ISACA CISM, SANS GICSP, and CompTIA Security Plus. He holds a Bachelor Degree of Business Administration, a Master of Science Degree in Management, and a Doctorate of Science degree in the field of Cybersecurity.
Podcasts / Webinars
Historically, an organization developed a cybersecurity program to achieve compliance. In our experience, organizations that achieve full compliance cannot continue to operate because of strict compliance requirements and the lack of a functional cybersecurity program. The lack of…
In part one of the RMF Categorization podcast series, the SMEs discuss what a security program is and why it is important. A security program defines the people, processes and technologies used to manage cybersecurity risk to the environment in which your system operates. This document serves as the blueprint for how your system operates and responds to the ever-changing threat landscape.
In part two of the RMF Categorization podcast series, the SMEs discuss the process of accurately identifying information types. The identification of the information types establishes the foundation for the system security program. The information types serve as the baseline by which the mission owner as well as the adversary both measure success. Information types allow the system owner to respond to cybersecurity risks by utilizing specified security requirements.
In part three of the RMF Categorization podcast series, the SMEs discuss the process of aligning the security objectives. The security objectives provide a common understanding of the impact levels on the information types as well as a common viewpoint of a system compromise and its organizational impact. The security objectives allow the system owner to identify security requirements in order to mitigate and reduce risks to the system.
In part four of the RMF Categorization podcast series, the SMEs discuss the various roles and responsibilities as well as the operating environment. Any individual that interacts with a system has a certain role or responsibility in the implementation of the system security program. These roles and responsibilities are propagated across three tiers: 1) the organization, 2) mission/business processes and 3) information systems. The operating environment consists of the system authorization boundary as well as all external entities interacting with the system information types. The operating environment should result in a specific implementation of prescribed security requirements and provide a measurement of a security program’s effectiveness.