Steve Nesbitt, Special Agent, NASA OIG, brought the group to order and introduced the Chair of the Information Technology (IT) Roundtable, Robert W. "Moose" Cobb, NASA Inspector General. Mr. Cobb welcomed the participants, and underscored his support for the IT Roundtable. He has named David Cushing, NASA OIG Assistant Inspector General for Inspections and Assessments, as his coordinator for Roundtable matters. Mr. Cushing, his staff, and other NASA OIG staff members will provide necessary administrative and logistical support for the Roundtable. Mr. Cobb stressed that the Roundtable should be an information-sharing resource and a leader in improving Federal IT. He mentioned that Mark Everson, Deputy Director for Management at OMB wants to know what the best practices in IT and IT security are and what IG's are doing collectively in this area. Mr. Cobb will meet with Mark Forman, head of OMB's e-government initiative, on November 22, 2002, regarding IT security.

Mr. Nesbitt provided the group with an overview of the agenda and the focus of the meeting.

Meeting Summary

• NASA OIG will provide support, administer the Roundtable, and enhance communication of IT issues through working groups, a Web page, and other means
• The Roundtable will work with CIO's and OMB to identify best practices
• Participation of the IG community is necessary-ECIE members are also invited to send representatives to the Roundtable

A. Mr. Nesbitt and Mr. Cushing facilitated a brainstorming session to identify the key components of a strong OIG IT program (not in priority order):

1. Trained computer crimes investigators
2. Detection capability
3. Analysis capability
4. Integrated/strong leadership
5. Increased OIG integration
6. Access to monitoring information
7. Cooperation with agencies
8. Agency leadership/responsiveness
9. Leverage the influence of the OIG community
10. Cooperation with CIO's
11. Trained auditors/evaluators
12. Participation/awareness of system lifecycles
13. Real-time discussion
14. Share information/knowledge bases
15. Effective tools, techniques, processes
16. Common standards

B. Established three major working groups (subgroups formed as needed, such as the criminal forensic group) to identify IT and ITS issues in the OIG community. Several participants volunteered for membership in these working groups, but membership is still open to others who may wish to join a group. These groups will meet in the near future to generate Roundtable issues and priorities. Working group coordinators will distribute meeting schedules through e-mail and/or phone contact. When the Roundtable Web site is established, meetings will be posted to it.

• Investigations Working Group-Coordinator, Steve Nesbitt, NASA OIG, 202-358-2576, snesbitt@imx.hq.nasa.gov
• Oversight Working Group (Audits and Inspections)-Coordinator, Dana Mellerio, NASA OIG, 202-358-0271, dmelleri@hq.nasa.gov
• Coordinating Working Group-Coordinator, David Cushing, NASA OIG, 202-358-2572, dcushing@hq.nasa.gov, will be composed of a diverse group of OIG professionals to ensure that cross-cutting issues and priorities are identified.

C. Discussed Issues

• Role of the IG Community
  1. Oversight
  2. Criminal Investigations
  3. Sharing tools, techniques, training to enhance community-wide approach
• Training
  1. Identify competencies
  2. Develop a matrix from basic through specialty courses
  3. Begin with in-house GISRA training
  4. Obtain IGs' support for IT and ITS training - work with IG training facilities (IG Academy and IGATI) to develop an IT curriculum responsive to the needs and resources of the community and identify approaches to providing that training
  5. Establish and actively maintain a Web page to improve the dissemination of IT training information by listing upcoming training and real-time alerts about available course openings that become available in a course
• Qualified Staff - develop common standards that include levels of training and certification
• Forensic Capabilities
  1. National Forensic Laboratory pros and cons - OIG's identified as having forensic capability include NASA, Department of State, Social Security Administration, U.S. Postal Service, and Department of Energy
  2. The need to maintain in-house capability stressed - Use FBI and other labs, but concern regarding backlogs and inherent issues with prioritization of cases
• Challenges
  1. Community-wide approach needed. Cooperation and sharing of information, techniques, tools, training, approaches, etc.
  2. Access to monitoring and detection
  3. Agency leadership support and responsiveness needs to improve; senior-level managers not always willing to address IT; work with CIO's

D. Surveys to be conducted-Chuck Coe will develop a list of definitions to ensure clarity of information sought

• IT Vulnerabilities Assessment-Developed by NASA OIG (Inspections and Assessments)
• IT Forensic requirements/capabilities-Developed by Investigations Working Group
• IT Training needs-Developed by OIG Criminal Forensics Group and other Working Groups

Meeting Participants:
Randy Bishop, DOE
Lance Carrington, NASA
Robert W. Cobb, NASA
Charles Coe, NASA
David Cushing, NASA
Jamil Farshchi, NASA
Tim Fitzgerald, DOS
Stephen Fowler, DOL
Gregory Frazier, EEOC
Alan Hansen, HUD
Khalid Hasan, HUD
Charles Heaton, NASA
Neil Lehrer, HHS
Gwen McGowan, GSA
Marion Meissner, NASA
Dana Mellerio, NASA
Steve Nesbitt, NASA
Jerry Patterson, HHS
Andrea Pawley, NASA
Wes Pippenger, NASA
Darryl Ross, DOE
Eddie Saffarinia, DOI
Bruce Schmidt, NASA
Beth Serepca, NRC
Paul Shawcross, NASA
Jim Stimson, HHS
Will Stumme, NRC
Kitt Winter, SSA
Harvey Witherspoon, FDIC

Note Takers: Donna Triplett, Marion Meissner, and Andrea Pawley, NASA OIG