I am a IT Compliance Auditor. Can anyone direct me as to where I might find an audit program for both of these CA products?
I need to perform a security health check and assessment for Endeavor and for Harvest.
Having administered Harvest over 3 or 4 versions of the product I would say what you want is basically built in. You would just need the proper sql queries to glue the access control information together. Each installation is a custom configuration and frankly each project inside it can be different from the others.
I have had to generate SOX, PCI and HIPAA reports showing separation of roles and such. All of which were sql queries.
Scott
I don't know of any automated programs that perform audits on these products. Usually, I do an assessment using the control practices described in the Cobit 4.1 Change and Config high level IT processes.
For example, I confirm that there is a separation of duties and there is full trace ability for all changes. A lot depends on what industry you are in and what regulatory requirements are driving your audit.
Bob Aiello
Editor in Chief, CM Crossroads
I don't know of any automated programs that perform audits on these products. Usually, I do an assessment using the control practices described in the Cobit 4.1 Change and Config high level IT processes.
For example, I confirm that there is a separation of duties and there is full trace ability for all changes. A lot depends on what industry you are in and what regulatory requirements are driving your audit.
Bob Aiello
Editor in Chief, CM Crossroads
Having administered Harvest over 3 or 4 versions of the product I would say what you want is basically built in. You would just need the proper sql queries to glue the access control information together. Each installation is a custom configuration and frankly each project inside it can be different from the others.
I have had to generate SOX, PCI and HIPAA reports showing separation of roles and such. All of which were sql queries.
Scott