Development of a Risk Management Framework for Software as a Service Provider


Authors : Rachelle De Los Santos

Volume/Issue : Volume 6 - 2021, Issue 11 - November

Google Scholar : http://bitly.ws/gu88

Scribd : https://bit.ly/3GELwyh

Abstract : The adoption of Software as a Service (SaaS) is becoming prevalent. With its ease of use and cost savings in time and management, many customers are shifting to usage of third- party applications to help them streamline and manage their business processes efficiently and effectively. SaaS providers must ensure that customer data is secure. To effectively manage the risks surrounding SaaS provider’s IT infrastructure, a risk management framework was developed to identify, mitigate and evaluate potential impact of risks. This framework provided visibility into infrastructure security risks. It mapped the infrastructure of SaaS provider in compliance with ISO 31000:2018 and NIST Cyber security Framework. The risk management framework helped the SaaS provider better understand the security risks surrounding its SaaS solution. It also helped in the secure deployment of SaaS projects to drive improved user experience and high customer satisfaction. The gap assessment showed the areas where improvement must be made. Additional scenarios and continuous monitoring are needed to avoid a false sense of security

Keywords : SaaS; risk management framework; security controls

The adoption of Software as a Service (SaaS) is becoming prevalent. With its ease of use and cost savings in time and management, many customers are shifting to usage of third- party applications to help them streamline and manage their business processes efficiently and effectively. SaaS providers must ensure that customer data is secure. To effectively manage the risks surrounding SaaS provider’s IT infrastructure, a risk management framework was developed to identify, mitigate and evaluate potential impact of risks. This framework provided visibility into infrastructure security risks. It mapped the infrastructure of SaaS provider in compliance with ISO 31000:2018 and NIST Cyber security Framework. The risk management framework helped the SaaS provider better understand the security risks surrounding its SaaS solution. It also helped in the secure deployment of SaaS projects to drive improved user experience and high customer satisfaction. The gap assessment showed the areas where improvement must be made. Additional scenarios and continuous monitoring are needed to avoid a false sense of security

Keywords : SaaS; risk management framework; security controls

Video Explanation for Published paper

Never miss an update from Papermashup

Get notified about the latest tutorials and downloads.

Subscribe by Email

Get alerts directly into your inbox after each post and stay updated.
Subscribe
OR

Subscribe by RSS

Add our RSS to your feedreader to get regular updates from us.
Subscribe