Local Content Technology Fair and Round-table 2017

The event, co-sponsored by FinTrak Software, was held on the 26th of October 2017 in Abuja FCT. It was hosted by the Federal Ministry of Communications, National Information Technology Development Agency (NITDA), Office for Nigerian Content in Information & Communication Technology and the ICT Local Content Association (ICTLOCA).

The Round-table had in attendance many distinguished dignitaries, Heads of ministries, parastatals, agencies, guest as well as stakeholders from the private sector. The Round-table session was conceived by the Council of ICT Heads in MDAs in partnership with Tech Law Development services in the furtherance of the implementation of the Executive order Number 003 on Support for Local Content in IT Procurement and clearance of IT projects in MDAs as well as other institutions of the Federal Government.  The goal is to put an end to capital flight which is weakening the naira, prevention job creation in the nation and the negative impact on the economy.

Earlier in October at a media briefing in Lagos, the Director General, National Office for Technology Acquisition and Promotion, NOTAP, Dr. Dan Azumi Mohammed Ibrahim, disclosed that the agency has saved Nigeria N192bn in six years and secured about 38 patents for agencies and private researchers in six months of 2017. This was achieved through the refusal to approve importation of technologies, as well as services that could be rendered by Nigerians, which would have resulted in capital flight.

GMD FinTrak Software, Bimbo Abioye, was on hand to share the success stories of indigenous software in private and public sectors using FinTrak Software as a case study and he further expanded on how regulatory agencies can support the growth of indigenous firms as well as the IT sector. Though an indigenous company, FinTrak Software has a global footprint.

ED Business Development, Ladi Ipaye at the FinTrak Software Stand

 

More:

ICTLOCA is the association responsible for the protection of interest of local ICT practitioners, enforcement and implementation of the NOGICD Act and other local content policies of government on the use and deployment of indigenous Information Communication Technology products and services in the oil and gas sector and other sectors of the Nigerian economy for the benefit of local ICT practitioners.

NOTAP is one of the 17 agencies under the Federal Ministry of Science and Technology established to regulate the inflow of technology in the country.

post

Agile Security for Agile Software Development

The presence of agile software development brought some ideals to software development methodology, maybe that’s why it did not take long before it gained wide acceptance. The manifesto of agile adapted to software development life cycle (SDLC) can as well improve the security status of applications which currently serves as the most exploited threat vector across the globe and reported by Symantec to have increased by 30 percent this year (web applications).

Agile

From experience, the “agility” of software development process increases vulnerability of software. Adapting the Agile development process manifesto to improve software security will boost applications security. Agile manifesto as found applicable to software security is described below:

Agile promises to value individuals and interactions over processes or tools. This concept is great for business relationship between software vendors and their clients. Adapting agile to software security, individuals, for instance, users and interactions with the system should be discussed as part of the security requirements and well measured to decide the risk appetite of the organization. While processes and tools are important, individuals and interactions eventually decide the efficacy of the security.

Agile promises working software over comprehensive documentation. The details of what makes how a software works is not as important as if the software works. However, the fact that software is working does not make it secure neither does it guarantee its quality. So, for agile security, we prefer working security over comprehensive documentation. Simply should be risk-based and not tick-the-box security.
7998262_orig

Agile promises customer collaboration over contract negotiation. In order to improve the security of SDLC, customers and good understanding of business objectives is imperative over negotiations and deliberations. It is in understanding of the customers and their business that facilitates business collaboration and hence collaboration for secure software.

Agile promises responding to change over following a plan. Change is constant and growth is change in itself, which is another reason why continuous monitoring is imperative in agile security. Threat analyzed through modelling and risk defined software security is a more decent approach and when a change is made agile security requires that it’s security is responsive, that is, re-calibrated to reduce the risk posture of the organization.

However, as discussed in the agile manifesto it is not a bad idea to follow plans, negotiate contract, document comprehensively or rely on process and tools. It is more expedient to follow the left-side options. While we deliver software with agile process, we can adopt agile security concept for a brilliant, better and secure application.