This case study report evaluates the security and privacy risks associated with the Department of Administrative Services (DAS) in Australia, which is transitioning to a Shared Services model and implementing a SaaS solution for HR and personnel management. The report identifies and analyzes various security threats, including password risks, email security, unauthenticated connections, phishing, and unauthorized application installations. It differentiates between existing risks and new risks arising from the SaaS implementation, focusing on employee data security, data accessibility, and identity management. The analysis covers both existing and new security threats, assessing their likelihood, impact, and priority, and proposes preventive actions and contingency plans. Furthermore, the report discusses privacy concerns, examining issues like lack of security over web applications, poorly trained employees, and problems with session expiration, along with potential mitigation strategies. This detailed risk assessment provides insights into securing employee data in a cloud environment, addressing data breaches, and ensuring data privacy.
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
