How to perform a security health check and assessment for CA Endeavor and for CA Harvest?

cisa's picture
cisa asked on October 19, 2011 - 8:47pm | Replies (2).

I am a IT Compliance Auditor. Can anyone direct me as to where I might find an audit program for both of these CA products?

I need to perform a security health check and assessment for Endeavor and for Harvest.

2 Answers

Bob Aiello's picture
Bob Aiello replied on October 23, 2011 - 1:06am.

I don't know of any automated programs that perform audits on these products. Usually, I do an assessment using the control practices described in the Cobit 4.1 Change and Config high level IT processes.

For example, I confirm that there is a separation of duties and there is full trace ability for all changes. A lot depends on what industry you are in and what regulatory requirements are driving your audit.

Bob Aiello
Editor in Chief, CM Crossroads

smitherz's picture
smitherz replied on October 26, 2011 - 7:59pm.

Having administered Harvest over 3 or 4 versions of the product I would say what you want is basically built in. You would just need the proper sql queries to glue the access control information together. Each installation is a custom configuration and frankly each project inside it can be different from the others.

I have had to generate SOX, PCI and HIPAA reports showing separation of roles and such. All of which were sql queries.


CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.