FinTrak Bags Two BoICT 2015 Distinguished Awards

Lagos, Nigeria, April 28, 2015 – At the Beacon of ICT (BoICT) Distinguished Awards Event, FinTrak Software Co. LTD, a fast-growing pan-African leader in software development and services for banks, insurance, manufacturing and other sectors, won the “Software Company of the Year” award, while the Group Managing Director, ‘Bimbo Abioye, won the “ICT Entrepreneur of the Year” award.

In 2014, FinTrak Software Co. LTD won the ‘Software Company of the Year 2014’ award and retained it in this year’s awards, while the GMD of the company won the prestigious “ICT Entrepreneur of the Year” award for the first time on the Beacon of ICT (BoICT) Awards platform. Both awards underscore FinTrak’s position as an innovative, excellence-driven company led by a man with a passion for ICT and exceptional visionary and innovative leadership acumen.

The Beacon of ICT (BoICT) Distinguished Awards is organized by Nigeria Communications Week. It is the biggest industry event, aimed at recognizing and rewarding companies that have contributed immensely to the country’s fast-growing field of ICT. It is a respected, merit-centric award for outstanding companies with best practices. This year’s event, which took place on 25th of April 2015 at the Eko Hotels and Suites in Lagos, had executives from Telecoms, NCS, ITAN, NITDA, NCC, NBC and others in attendance.

In his reaction to the awards, Bimbo Abioye said: “I am very honoured to receive these prestigious awards. At FinTrak Software, we have always been focused on staying ahead of the curve, anticipating and quickly adapting to change and positioning our business model to capitalise on the developments in an increasingly digitalised world. These awards come as a call for more on our part and we are committed to working and achieving higher successes as we push the boundaries in the ICT Industry here in Africa and beyond.”

FinTrak Software is a global ICT organization providing technology and business solutions to commercial banks, mortgage banks and other financial institutions across Africa. Their core mission is to support businesses with the technologies and intellectual strength required to enable them to surpass their stakeholders’ expectations, through strategic alliances. Their team has successfully implemented over 100 technology solutions for various enterprises engaged in Commercial Banking, Mortgage Banking, Insurance and Manufacturing across Nigeria, Benin, Togo, Côte d’Ivoire, Gambia, Sierra Leone, Ghana, Senegal, Rwanda, Congo and Zambia, with more in progress, from their business offices in Nigeria, Ghana, Gambia and Kenya.

Agile Security for Agile Software Development

The arrival of agile software development brought some ideals to software development methodology, which may be why it did not take long to gain wide acceptance. The agile manifesto, adapted to the software development life cycle (SDLC), can also improve the security status of applications, which currently serve as the most exploited threat vector across the globe, one that Symantec reports has increased by 30 percent this year (web applications).

From experience, the “agility” of the software development process increases the vulnerability of software. Adapting the agile manifesto to software security will boost application security. The agile manifesto, as it applies to software security, is described below:

Agile promises to value individuals and interactions over processes or tools. This concept is great for the business relationship between software vendors and their clients. Adapting it to software security, individuals (for instance, users) and their interactions with the system should be discussed as part of the security requirements and measured carefully to decide the risk appetite of the organization. While processes and tools are important, individuals and interactions eventually decide the efficacy of the security.

Agile promises working software over comprehensive documentation. The details of how software works are not as important as whether it works. However, the fact that software works does not make it secure, nor does it guarantee its quality. So, for agile security, we prefer working security over comprehensive documentation. Simply put, security should be risk-based and not tick-the-box.

Agile promises customer collaboration over contract negotiation. To improve the security of the SDLC, customers and a good understanding of business objectives take priority over negotiations and deliberations. It is an understanding of the customers and their business that facilitates business collaboration, and hence collaboration for secure software.

Agile promises responding to change over following a plan. Change is constant, and growth is change in itself, which is another reason why continuous monitoring is imperative in agile security. Software security that is driven by threat modelling and defined by risk is a better approach, and when a change is made, agile security requires that its security be responsive, that is, re-calibrated to reduce the risk posture of the organization.

However, as discussed in the agile manifesto, it is not a bad idea to follow plans, negotiate contracts, document comprehensively or rely on processes and tools; it is simply more expedient to follow the left-side options. While we deliver software with an agile process, we can adopt the agile security concept for a brilliant, better and secure application.

Our Achilles’ Heel, Communication: The Weakest Security Link

“… but the CIA followed his COURIER to a place near the Pakistan Military Academy in Bilal Town, Abbottabad”.

I am persuaded by my exposure, expertise and experience to relate to my readers the security beast in communication this month. This argument is not against the common notion that ‘Humans’ are the weakest link. Really, I think it does strengthen it.

According to Wikipedia, Communication (from Latin communicare, meaning “to share”) is the activity of conveying information. It is also the meaningful exchange of information between two or more participants (machines, organisms or their parts).

Communicating with others involves three primary steps:
Thought: First, information exists in the mind of the sender. This can be a concept, idea, information, or feeling.
Encoding: Next, a message is sent to a receiver in words or other symbols.
Decoding: Lastly, the receiver translates the words or symbols into a concept or information that a person can understand.

I really wish communication could stop at the first level. I mean, thought-to-thought communication, because most times humans become vulnerable in the process of encoding and decoding, and in the transfer of their messages. Man is made to communicate, and so are all living things, and that’s why it’s tougher to protect and easier to exploit. Most breaches happened as a result of communication between applications, systems or people. The problem is, we cannot always isolate or sandbox; we will at some point need to integrate and communicate.

In Phil Zimmermann’s (author and creator of PGP) words on ‘Why I wrote PGP’, he said, “…But with the coming of the information age, starting with the invention of the telephone, all that has changed. Now most of our conversations are conducted electronically. This allows our most intimate conversations to be exposed without our knowledge.”

The line at the top of this post describes how the almost evasive Osama bin Laden was captured and killed, according to Howard E. Wasdin and Stephen Templin in their book titled ‘SEAL TEAM SIX’. The book describes Osama as living in a place protected by walls topped with barbed wire, with two security gates (physical security) and no phone or internet connection (an attempt to disconnect from computers to avoid eavesdropping or tracking). Also, the people who lived there burned their trash instead of setting it out for garbage collection like their neighbours (maybe also to prevent dumpster diving, a kind of social engineering).

However, with all his security measures, he had one single point of failure: his COURIER (a courier is a person who delivers messages, packages and mail), and that was all that was needed. He was tracked and killed. I presume he never knew that was his Achilles’ heel. And like most of us, we don’t know or we really don’t care about it.

I think as long as man exists and technology evolves, man will continue to be vulnerable through his communication. The only solution here is to be aware. And I repeat, be aware, so you can decide to either live or die by it!

Thank you for reading