CSIAC

Cyber Security and Information Systems Information Analysis Center

/ All Podcast Series / / Risk Management Framework (RMF) Categorization Part 3 of 4

- Risk Management Framework (RMF) Categorization Part 3 of 4

| Presenters: Dr. Rampaul Hollington, Stephen Brewster | Leave a Comment

Notice: This podcast video may contain personal or third-party views and opinions not associated with the government.
Please see our terms of use located here: https://www.csiac.org/csiac-terms-of-use/

In this four part podcast series, CSIAC subject matter experts (SMEs) conduct a roundtable discussion of the first step of the Risk Management Framework (RMF) process, Categorization, focused specifically on Industrial Control Systems (ICS). The main objective of the categorization phase is to project the potential negative effects upon an organization should certain assets become compromised. This would include the CIA Triad – Confidentiality, Integrity and Availability (CIA) – involving the systems within an enterprise and the associated data those systems may process, store or transmit. Based upon the assessment of the possible risks, certain processes or tasks may be employed to mitigate the potential adverse impacts.

In part three of the RMF Categorization podcast series, the SMEs discuss the process of aligning the security objectives. The security objectives provide a common understanding of the impact levels on the information types as well as a common viewpoint of a system compromise and its organizational impact. The security objectives allow the system owner to identify security requirements in order to mitigate and reduce risks to the system.

CAC/PIV holders can watch or download the podcast here: https://www.dodtechipedia.mil/dodwiki/download/attachments/600342610/2020-02-csiac-podcast-risk-management-framework-rmf-categorization-part-3.mp4

Presenters

Dr. Rampaul Hollington
Dr. Rampaul Hollington
Dr. Rampaul Hollington completed 21 years in the US Army, retiring as a Chief Warrant Officer 3. While on active duty, Dr. Hollington served as an Information Assurance Manager, an Information Assurance Security Officer, Information System Security Officer and COMSEC Custodian. Over the past 11 years, Dr. Hollington worked in support of Cyber programs for the Missile Defense Agency, the US Army and the US Air Force. Dr. Hollington also served as a special agent with the Defense Security Agency, responsible for the Certification and Accreditation oversight of cleared contractor IT systems. He currently serves as a Cybersecurity Consultant and RMF SME and an adjunct professor of Cybersecurity. Dr. Hollington has expertise under the DoD Information Technology Security Certification and Accreditation Process (DITSCAP), Defense Information Assurance Certification and Accreditation Process (DIACAP), The National industrial Security Program Operating Manual (NISPOM), and The NIST Risk Management Framework. Dr. Hollington’s industry certifications include: ISC2 CISSP, ISACA CISM, SANS GICSP, and CompTIA Security Plus. He holds a Bachelor Degree of Business Administration, a Master of Science Degree in Management, and a Doctorate of Science degree in the field of Cybersecurity.
Stephen Brewster
Stephen Brewster
Stephen Brewster is a graduate of Capitol Technology University with a Masters in Information Assurance Engineering. Stephen has expertise in software assurance, systems integration and testing, and cybersecurity governance and risk management. Mr. Brewster developed software for military logistics planning shortly after finishing his bachelors in Computer Science. He was instrumental in leading Unmanned Systems contractor organizations through the integration of software assurance tools, standards, and processes. Mr. Brewster later provided his expertise, as the cybersecurity manager of the federal division of a leading provider of facility related control systems (FRCS). He has presented on the topic of risk management framework of FRCS around the world in support of the Army Corps of Engineers, NAVY, AIRFORCE and ARMY. Mr. Brewster holds the following industry certifications: ISC2 CISSP, ISACA CISM & CISA, SANS GICSP, and CompTIA Security Plus.

Reader Interactions

Leave a Comment