Experiment No.

Aim: To prepare RMMM plan for the Rental Property Management System.

Theory:
Planning the risk management
The proactive strategy for risk estimation is used which helps us in identifying the possible threats
that can occur during the project well in advance. Accordingly, steps to avoid, monitor and manage
the risk are to be carried out and noted down in the form of RMMM plan.
Example:
THE RMMM PLAN
A risk management strategy can be included in the software project plan or the risk management
steps can be organized into a separate Risk Mitigation, Monitoring and Management Plan. The
RMMM plan documents all work performed as part of risk analysis and is used by the project
manager as part of the overall project plan. Some software teams do not develop a formal RMMM
document. Rather, each risk is documented individually using a risk information sheet (RIS) . In
most cases, the RIS is maintained using a database system, so that creation and information
entry, priority ordering, searches, and other analysis may be accomplished easily.
Once RMMM has been documented and the project has begun, risk mitigation and monitoring
steps commence. As we have already discussed, risk mitigation is a problem avoidance activity.
Risk monitoring is a project tracking activity with three primary objectives:
(1) to assess whether predicted risks do, in fact, occur
(2) to ensure that risk aversion steps defined for the risk are being properly applied
(3) to collect information that can be used for future risk analysis. In many cases, the problems
that occur during a project can be traced to more than one risk. Another job of risk monitoring is to
attempt to allocate origin (what risk(s) caused which problems throughout the project).

Identifying Risks:
Risk ID Risk Summary Probability Impact Risk Exposure
1 Use of platform by brokers 80% 1 Rs. 72,000/month
2 Misuse of the platform 70% 1 Rs. 56,000/month
3 Old data about properties 60% 2 Rs. 48,000/month
4 Financial loss due to malware 50% 2 Rs. 20,000/month
5 Violation of privacy 40% 3 Rs. 16,000/month

Impact:
1 – Catastrophic
2 – Critical
3 – Marginal
4 – Negligible
Sorting the risks on the basis of their risk exposure:

Risk ID Risk Summary Probability Impact Risk Exposure

1 Use of platform by brokers 80% 1 Rs. 72,000/month
2 Misuse of the platform 70% 1 Rs. 56,000/month
3 Old data about properties 60% 2 Rs. 48,000/month
4 Financial loss due to malware 50% 2 Rs. 20,000/month
5 Violation of privacy 40% 3 Rs. 16,000/month

Impact:
1 – Catastrophic
2 – Critical
3 – Marginal
4 – Negligible
Risk Exposure:
Risk: Use of platform by brokers
The platform is meant to be used by owners and tenants. However, in order to get more
customers, several brokers may use the platform in the name of the owner or tenant. This will
defeat the purpose of developing the platform which was to eliminate the need of brokers in the
business of properties. Additionally, this may cause users to switch to other platforms or avail the
services of a broker in order to buy, sell or rent properties.

Risk Probability: 80%

Risk Impact:
The risk impact would be catastrophic as this would defeat the whole purpose of developing such
an application. It would not eliminate the need of brokers and would only increase the demand for
brokers. Brokers may surge prices of properties on the platform which would ultimately lead to
users switching to other platforms.
The risk can be mitigated by giving tenants and owners an option to contact each other for the
buying or selling of property. If the user is not an owner or a tenant, he will have the option to mark
the property as invalid in the application. Such marked properties will be analysed by a department
which will look into the matter and decide whether the property should be removed from the
platform or not.
The department would consist of two members with charges of Rs. 45,000/month. For two
members it would amount to Rs. 90,000/month.

Risk Exposure:
RE = 0.8 x Rs. 90,000 = Rs. 72,000/month.
Risk Information Sheet:

Risk ID: 1 Date: 25/03/2021 Probability: 80% Impact: Catastrophic

Description:
Several brokers may use the platform in the name of the owner or tenant. This will defeat the
purpose of developing the platform which was to eliminate the need of brokers in the business of
properties.

Refinement/Context:
Sub condition 1:
Several brokers may use the platform to sell the properties that they have. In order to gain
profits, they may surge the prices of the properties which would lead to buyers switching to other
platforms

Mitigation/Monitoring:
1. Users will get an option to contact owner/tenant, and mark the property as valid/invalid.
2. Accounts of such users will be blocked.

Management:
RE computed to be Rs. 72,000 per month.

Current Status:
Mitigation steps to be initiated.

Originator: Girik Shroff Assigned: Kashita Talreja

Risk Exposure:
Risk: Misuse of the platform.
The application contains an advertisement section for use only for tenants in order to find room
partners. However, the advertisements section can be used by agencies, brokers, or even users to
advertise their products. This would lead to a lot of irrelevant content on the website and users
would find it difficult to search for properties and room partners.

Risk Probability: 70%

Risk Impact:
The risk impact would be catastrophic as this would lead to collection of content on the website
which is not related to buying, selling and renting of properties. Due to difficulty in searching
properties users would move to other websites/platforms.
The risk can be mitigated by giving users to mark and advertise as invalid. A department
consisting of two members would be set up to analyse posts/advertisements that are not related to
the platform. If these posts are irrelevant, they would be removed from the platform and the
accounts posting such content will be blocked.
The department would consist of two members with charges of Rs. 40,000/month. For two
members it would amount to Rs. 80,000/month.

Risk Exposure:
RE = 0.7 x Rs. 80,000 = Rs. 56,000/month.
Risk Information Sheet:

Risk ID: 2 Date: 25/03/2021 Probability: 70% Impact: Catastrophic

Description:
The advertisements section of the website may be used by advertisement agencies to advertise
their products. This would lead to users finding it difficult to find room partners or properties.
Also, genuine posts will not be seen by users.

Refinement/Context:
Sub condition 1:
Advertisement companies using the platform to advertise products.

Sub condition 2:
Fraudulent advertisements in the advertisement section would lead to users starting to lose trust
on the platform which may lead to users switching to other platforms.
Mitigation/Monitoring:
1. Users will get an option to mark an advertisement as invalid if it is not related to
properties or room partners.
2. Accounts of such users will be blocked.
3. Irrelevant content posted will be removed.

Management:
RE computed to be Rs. 56,000 per month.

Current Status:
Mitigation steps to be initiated.

Originator: Girik Shroff Assigned: Kashita Talreja

Risk Exposure:
Risk: Old data about properties.
The application will have data of several properties in the database. However, a large number of
properties will be older properties that are already rented out are sold and hence of no use to
users. But querying such a huge database will take a long time and hence will degrade the
performance of the application.

Risk Probability: 70%

Risk Impact:
The risk impact would be critical as this would seriously affect the performance of the website. The
increase in loading time of the website would lead to unsatisfied users. These users may switch to
other websites. Therefore, there is a very big need to identify properties that are already
rented/sold out.
The risk can be mitigated by contacting owners of properties that are older than 2 months. If the
property has been sold out, the property will be removed from the database, in order to keep
minimum information. For this, a department would be set up to contact owners via mail or
telephone.
The department would consist of two members with charges of Rs. 40,000/month. For two
members it would amount to Rs. 80,000/month.

Risk Exposure:
RE = 0.6 x Rs. 80,000 = Rs. 48,000/month.
Risk Information Sheet:

Risk ID: 3 Date: 25/03/2021 Probability: 60% Impact: Critical

Description:
Properties that have been sold out or rented out may not be deleted by the owners of the
property from the platform. Such properties would then appear in the search results of the users
but would not be available. It would also increase time to find out properties, making it difficult
for users.
Refinement/Context:
Sub condition 1:
Old properties may not have been removed from the platform.

Sub condition 2:
Such old properties in the database would lead to a lot of time in querying the database
depending on the user filters. This would degrade he website performance.

Mitigation/Monitoring:
1. Department to be set up to contact users and ask them about the property.
2. If the property has been sold out, it will be removed from the database.

Management:
RE computed to be Rs. 48,000 per month.

Current Status:
Mitigation steps to be initiated.

Originator: Girik Shroff Assigned: Archit Shinde

Risk Exposure:
Risk: Financial Loss due to malware. Currently malware cannot be detected by traditional way
based anti-malware tools due to their polymorphic and/or metamorphic nature. Here we have
improvised a current detection technique of malware based on mining Application Programming
Interface (API) calls and developed the first public dataset to promote malware research.
Risk Probability: 50%

Risk Impact:
Malware can cause significant loss and incur substantial costs to organizations. The desire to
avoid detection coupled with often lucrative nature of malware development means that there is a
high probability that new malware is developed it will likely utilise unknown techniques. Though it
can be mitigated by using some firewalls to prevent malware attacks via input details. This can
reduce their attacks by a great margin. The cost can go up to Rs. 40,000 per month.
Risk Exposure:
RE = 0.5 x Rs. 40,000 = Rs. 20,000/month.
Risk Information Sheet:

Risk ID: 4 Date: 25/03/2021 Probability: 50% Impact: Critical

Description:
Malware attacks can cause significant loss to the organization and can lead to several hours of
downtime. Downtime will reduce revenue and would also disappoint the users of the application.
It may also lead to leakage of sensitive data of the users.

Refinement/Context:
Sub condition 1:
Malware can slow down a user’s computer and has the ability to crash some websites. It can
infect your computer and use it as a server to broadcast various files or attacks.

Sub condition 2:
Malware can send emails you did not write getting you or your company in trouble which
can result in the company's huge loss. To minimize these attacks firewalls are used.

Mitigation/Monitoring:
1. Use of antivirus, firewalls and anti-malware software.
2. Monitoring should be in place to verify the security state of:
a. Update your operating system, browsers, and plugins.
b. Read the emails with eagle eyes.
c. Don’t believe cold callers.
d. Don’t call fake tech support.
e. Make sure you’re on a secure connection.
f. Use strong passwords or password managers.

Management:
RE computed to be Rs. 20,000 per month.

Current Status:
Mitigation steps to be initiated.

Originator: Archit Shinde Assigned: Girik Shroff

Risk Exposure:
Risk: Privacy Violation
In today’s world, data is the new oil. Therefore companies, organizations and hackers are always
on the lookout for more and more data. This has increased the risk of hackers trying to mine
important user data.

Risk Probability: 40%

Risk Impact:
Privacy violation may lead to accounts getting hacked, identity theft, impersonation, targeted ads
as well as wrong people seeing the information. This could also harm the reputation of the
platform and people would soon lose trust in the application. Information about properties could
also be used by other competitors. Contact information about users may be used for marketing
purposes.
This can be mitigated by outsourcing cloud security to cloud provider such as Cloudfare. This will
cost up to Rs. 20,000 per month.
Risk Exposure:
RE = 0.4 x Rs. 40,000 = Rs. 16,000/month.
Risk Information Sheet:

Risk ID: 5 Date: 25/03/2021 Probability: 40% Impact: Marginal

Description:
In today’s world, data is the new oil. Therefore companies, organizations and hackers are
always on the lookout for more and more data. This has increased the risk of hackers trying to
mine important user data.

Refinement/Context:
Sub condition 1:
Hackers may attempt to steal personal information of users such as email addresses and
passwords.

Sub condition 2:
Activity log of the users can also be targeted with the intention to analyse this data and provide
targeted ads to the user. This is a serious breach of privacy.

Mitigation/Monitoring:
1. Creation of automatic backups of the database.
2. Monitoring should be in place to verify the security state of:
a. DNS records
b. SSL certificates
c. Web server configuration
d. Application updates
e. User access
f. File integrity

Management:
RE computed to be Rs. 16,000 per month.

Current Status:
Mitigation steps to be initiated.

Originator: Archit Shinde Assigned: Kashita Talreja