Incident Response is the part of security that includes all the security activity after an event has happened, i.e. responding to security incidents rather than preventing them. a) i) Outline the four main phases of incident response. [4 marks] ii) How does incident response relate to risk?

ii) Discuss an ethical problem with performing a digital forensic investigation as part of incident response, including how the ethical issue might be addressed.

b) A software company that develops mobile games has discovered it has been attacked and unreleased code has been downloaded. During the incident response it was discovered that one of the software engineers working on the code had clicked on an email attachment containing malware.

i) Where in the so-called Kill Chain does the malware fit?

ii) How could this company use the experience of this attack to improve their risk assessment?