Managing Data Security Risk in Model Software As A Service (SAAS)

Nooraidaniza Jafri, Maryati Mohd Yusof


Software as a Service (SaaS) model has been frequently applied in organisation that used cloud services. SaaS is a new Information Technology that provides dynamic services through Internet to the user. Alhough this technology is beneficial and cost-effective for information technology hosting, it also introduced new threats and risks, particularly in user’s information security. The paper identifies risk in data security of the SaaS Model and their respective mitigation control based on ISO/IEC 27001:2013 standard. A qualitative case study was conducted at a public sector agency involving three types of data collection, interviews, observations and document analysis. We identified seven risk of data security for SaaS Model namely data privacy, data integrity, data availability, data control, data encryption, data violation, and data access. The findings can be used to develop SaaS implementation guidelines or policies, particularly in data security.


Risk management, data security, information security as a Service, SaaS, cloud computing

Full Text:



  • There are currently no refbacks.

e-ISSN : 2289-2192

For any inquiry regarding our journal please contact our editorial board by email