MANAGING DATA SECURITY RISK IN MODEL SOFTWARE AS A SERVICE (SAAS)

Software as a Service (SaaS) model has been frequently applied in organisation that used cloud services. SaaS is a new information technology that provides dynamic services through Internet to the user. Alhough this technology is beneficial and cost-effective for information technology hosting, it also introduced new threats and risks, particularly in user’s information security. The paper identifies risk in data security of the SaaS Model and their respective mitigation control based on ISO/IEC 27001:2013 standard. A qualitative case study was conducted at a public sector agency involving three types of data collection, interviews, observations and document analysis. We identified seven risk of data security for SaaS Model namely data privacy, data integrity, data availability, data control, data encryption, data violation, and data access. The findings can be used to develop SaaS implementation guidelines or policies, particularly in data security.