Information Security Management at Marks and Spencer (M&S) in the UK


Added on  2023/01/19

AI Summary
This report presents a comprehensive analysis of information security management strategies within the context of the UK retail sector, using Marks and Spencer (M&S) as a case study. The study investigates the implementation of information security measures to mitigate the risks of data breaches and cyber-attacks, aiming to enhance customer confidence. The research encompasses a literature review to establish a theoretical framework, followed by a qualitative methodology employing both primary and secondary data sources, including surveys. The report examines the challenges faced by M&S regarding cybersecurity, particularly in light of the Epsilon data breach, and proposes recommendations and an action plan to improve cyber resilience and protect sensitive customer information. The findings and discussion sections present the analysis of the collected data, leading to conclusions and recommendations for future research. The report also includes an evaluation of the methodologies used and addresses limitations, providing insights into the effectiveness of information security management strategies in a dynamic business environment.
Corporate Strategy and
governance research
(“Implementing information security management strategy to
reduce the threats of data breaches and cyber-attacks to
improve customer confidence in the UK retail sector- A case
study of Marks and Spencer”)
Executive Summary
The present study aims to analyse the effectiveness of implementing an information
security management strategy to reduce the threats of information breaches and cyber attacks and
so improve customer confidence in the UK retail sector. An information security management
strategy is defined as the controls which a business needs to implement to ensure that it is
sensibly protecting the confidentiality, availability and integrity of its assets from threats and
vulnerabilities. In today's business environment it is therefore important for businesses to
implement an appropriate information security management strategy in order to reduce the
chances of information breaches and cyber attacks. Marks and Spencer is the chosen organisation
for this study, as it is the largest British multinational fashion retail company and is facing the
issue of the Epsilon data breach, in which customers' emails were stolen. Suitable aim and
objectives are created to support the work and the collection of appropriate information. A
literature review is carried out to develop an understanding of the chosen subject area. The
overall study is based on the qualitative method, as it supports detailed analysis with actual
facts and figures. In addition, both primary and secondary sources are used to draw valid and
reliable results. The primary investigation is carried out through a survey, for which a
questionnaire covering the aim and objectives of the research is developed. At the end of the
investigation, conclusions and recommendations are developed from the outcome of the research.
Table of Contents
Executive Summary
Chapter 1: Introduction
Chapter 2: Literature Review
Chapter 3: Research Methodology
Ethical Consideration
Chapter 4: Data Analysis and Interpretation
Chapter 5: Findings and Discussion
Chapter 6: Recommendations and Action Plan
Chapter 7: Evaluation and limitations in the methods and approaches used for the study
Chapter 8: Conclusion and areas for Future Research
References
Chapter 1: Introduction
Overview of the Research
Cybersecurity is defined as the practice of reducing cyber risk through the protection of the
whole information technology infrastructure, including systems, applications, hardware, software
and information. In the modern business environment, the key focus of a business is to attain
higher growth and success in the marketplace, and for this businesses are concerned with making
transactions with other businesses or countries (Abawajy, 2014). This increase in international
operations has created an issue for the security of confidential information. Businesses are
therefore concerned with implementing different information security strategies to reduce the
threat of data breaches and cyber-attacks, which reduce confidence in the UK retail sector. In
today's digital world, the retail sector is growing very fast through the implementation of
digital technologies. As a result, organisations are also facing issues regarding the theft of
information and the breaching of confidential data. It is therefore important for businesses to
implement an information security management strategy to reduce threats to information and so
improve customer confidence in the UK retail sector. Businesses in the retail sector are focused
on improving cyber resilience to enhance customer confidence. Cyber resilience is the ability to
prepare for, respond to and recover from cyberattacks; it helps an organisation to protect itself
against cyber risk, defend against and limit the severity of attacks, and ensure its continued
survival despite an attack. In the present investigation, Marks and Spencer is the chosen
organisation; it is a large British multinational retailer with global business operations, and
because of those global operations the business faces issues related to cybersecurity. This
report contains a study of the different information security management strategies used to
reduce the threat of data breaches and cyber-attacks. Aim and objectives are created to support
the work. The literature review develops an in-depth theoretical framework, which helps in
developing an appropriate understanding of the subject area. In addition, a suitable selection of
methodologies helps in carrying out the work in the right manner. Furthermore, data analysis is
supported by a survey, for which a questionnaire is developed to gather primary information
(Ahmad, Maynard and Park, 2014). At the
end of the research, conclusions and recommendations are made from the findings of the research.
Along with this, a reflection is developed to discuss the personal experience of the researcher.
Background of the Research
In the competitive business scenario, organisations are concerned with expanding their
businesses at the global level. Greater business opportunities increase the interaction of a
business with organisations in other countries, and to communicate well businesses are using
advanced and modern technologies. These are significant in developing organisational
performance, but they also have negative influences when an individual uses them in the wrong
manner. In the modern business era, cyber resilience is rapidly gaining recognition, as
businesses are very much concerned with implementing appropriate strategies to protect their
operations from cyber attacks, breaches of information etc., in order to develop the trust of
customers. Marks and Spencer is the chosen organisation for this project, as it helps in
developing a better understanding of this area of study. The company was founded in 1884 by
Michael Marks and Thomas Spencer. Marks and Spencer is the fastest-growing British retail
business, with operations all over the world (Aleem, Wakefield and Button, 2013). The
headquarters of the firm is in Westminster, London, United Kingdom. The company mainly sells
high-quality clothing, home products and food products. It is a public limited company operating
in around 1463 locations, and it has around 80,787 employees, who work to enhance the potential
of the business in the marketplace. The company has global business operations and, because of
this, faces issues related to cybersecurity, so it is fundamental for the business to implement
strategies that are effective in reducing the threat of data breaches and cyber-attacks as part
of information security management. The retail industry in the UK is recognised as the largest
private-sector employer, with almost three million workers. The retail industry plays a vital
role in the growth of the UK economy; in 2018 the retail sector generated sales of around
£381 billion, which represents the growth of the retail sector. However, the retail sector of the
UK has risen by 10 percent to 440.5 billion euros. The overall market value of this sector is
expected to increase to 453 billion in 2020. Marks and Spencer is the biggest fashion retailer
and plays a vital role in the growth and development of the UK economy. Marks & Spencer is a
large fashion retail business, which operates through online as well as offline stores.
A few decades ago the company faced the issue of a data breach, as the firm was affected by the
attack on the email marketing firm Epsilon (Epsilon data breach: Marks & Spencer customers'
emails stolen). Marks & Spencer deals with a number of people whose emails have been stolen in a
huge US internet security breach. With the stolen emails, people can see others' private
information regarding their credit cards, debit cards etc. This affects the overall functions of
M&S. This issue was probably resolved by the investigation from the UK Information
Commissioner's Office. Because the US does not follow the same data protection laws as the UK
and Europe on privacy and security, businesses that pass UK citizens' private data to US-based
businesses need to ensure that the destination has proper Safe Harbour management to safeguard
the information to European standards.
The rationale of the Research
The research under consideration is based on implementing an information security
management strategy to reduce the threats of data breaches and cyber-attacks to improve
customer confidence in the UK retail sector. This is a wide area of academic research, which
helps to expand the ideas and knowledge base of the researcher in the specified area of work.
The study also helps to enhance the personal as well as professional skills and abilities of an
individual, learner and researcher (Bendovschi, 2015). The major purpose behind conducting the
research is the personal interest of the researcher, as the investigator wishes to gain
knowledge of cyber resilience for enhancing customers' confidence in a business and decreasing
the risk of threats, breaches of information and cyber attacks. This investigation is mainly
taken into consideration because it concerns the latest issue to have arisen in today's modern
business environment. An understanding of this area is therefore useful for businesses and for
individuals who have career goals in a similar area. The study is also useful from a future
perspective, as it can assist individuals in attempting their future projects more effectively.
This study explores the issue faced by Marks and Spencer due to the breach of data in the attack
on the email marketing firm Epsilon (Marks & Spencer data compromise not a hack). The company
has millions of customers who make their purchases through online and offline stores; computer
hackers stole the emails of customers and stole the personal information of the customers, such
as their personal data, credit and debit card information etc. This has a huge influence on the
brand image of the firm.
Research Aim
This refers to the key area of an investigation. It is defined as the predetermined
statement which defines the purpose and intention of the investigation in an appropriate
manner. This part of the investigation helps to guide the overall work in the right manner
(Carcary, 2013). The key aim of this particular investigation is "To examine how
M&S can improve the cyber resilience to enhance customer confidence in the company to
decrease the risk of threat of breach of data and cyber-attacks. A case study on Marks and
Spencer."
Research Objectives
The objectives of this particular investigation are as follows:
• To understand the concept of information security management, cyber-attacks and data breaches.
• To discuss the challenges which the company faces in managing information security.
• To recommend some ways to overcome the challenges and to identify future research areas.
Research questions
The major research questions that guide the overall work are as follows:
• What is the concept of cyber resilience for improving customer confidence?
• How can a company improve cyber resilience to improve customer confidence?
• What are the different challenges which the company faces in managing information security?
Chapter 2: Literature Review
This is the most important part of an investigation. It involves a detailed evaluation of
the chosen subject area and helps to guide the work in the right manner towards the potential
outcome. This part of the research creates a detailed theoretical framework, which helps to
develop the understanding of the individual or learner of the chosen subject area (Chen, Desmet
and Huygens, 2014). The present study is based on analysing the different types of strategies
used to implement information security management in the company to decrease the risk of threat
of breach of data and cyber-attacks. In this part of the investigation, information collection
mainly relies upon secondary sources of data, i.e. books, journals, published research articles,
newspapers, magazines etc. This section mainly involves gathering information from past
investigations in similar areas, which help to guide the overall work in the right manner.
The concept of cyber resilience for improving customer confidence.
As per the views expressed by Juliana De Groot, 2019, cyber resilience is defined as the
ability of a computing system to recover quickly, and it mainly applies in adverse conditions.
In addition, cyber resilience is the notion that a business needs to be flexible and responsive
to cyber attacks. Cyber resilience is recognised as the ability to prepare for, respond to and
recover from a cyber attack. In the context of the retail industry, cyber resilience helps to
develop customers' confidence by reducing the issues that arise from cyber-attacks and breaches
of information. Cyber resilience is mainly implemented by businesses to protect against cyber
risk, that is, to defend against and limit the severity of attacks and ensure continued survival
despite an attack. Cyber resilience is a fairly new area within information technology and has
lately gained great momentum. In addition, it is the ability of a business to withstand
cybercrime, prepare for possible threats and create an effective action plan to recover from the
issues which affect business performance. It is a comprehensive framework which aims at
protecting the entire organisation, including its people, processes and information, from a
cyber crisis. In a world full of advances in technologies and processes, businesses are
concerned with adopting high-tech tools and technologies in order to maximise their
profitability by developing productivity and operations. As a result, organisations are also
facing issues related to data breaches, cyber-attacks
and theft of their confidential information. Businesses like Marks and Spencer operate at the
global level and also deal in high-tech computer systems, so the threat of information leaks and
cyber-attacks is high. The primary motive of the business is therefore to implement an
information security management system effectively, to reduce cyberattacks, security issues and
information breaches. Due to high competition in the market, individuals seek to hack personal
information about the firm or its strategic steps, which affects the overall functioning of the
business in an adverse manner. Information security management systems, cyber-attacks and
breaches of information are the different aspects of which appropriate knowledge is required for
better implementation of organisational operations and functions.
The ways the company can improve cyber resilience to improve customer confidence.
As per the views expressed by Ryan LaSalle, 2018, in the modern business environment
investment in cyber resilience has improved performance, as security teams are successfully
defending against a growing number of cyber-attacks, which has doubled in the past few years.
Organisations nowadays are increasing their dependence on advanced tools and technologies, but
this has also spawned well-resourced cybercrime. Cyber resilience is therefore integrated within
businesses so that management plans can be carried out effectively. The term cyber resilience
does not consist of technology alone; it must also cover an organisation's processes and people.
The ability to protect an individual's IT system and recover from any breach is what is called
cyber resilience. According to the opinion of Madeline Howe and Anne Grahn, 2018, in today's
modern business era people's lives are very much based on digital tools and technologies, as
people normally use digital platforms to fulfil their desires, so it is important for businesses
to improve their cyber resilience in order to enhance customers' confidence in the marketplace.
An appropriate security strategy is comprehensive and dynamic, with the elasticity to respond to
any sort of security threat. Developing a security strategy is an elaborate procedure which
includes initial assessment, planning, implementation and constant monitoring (Fielder et al.,
2014). It may also involve a combination of activities covering conceivable threats and
vulnerabilities: policies and procedures, access management measures, communications systems,
technologies and systems integration practices. For instance, Marks and Spencer operates at the
global level, deals in high-quality clothing, home products and food items, and is concerned with
implementing different strategies for managing information security against the issues of cyber
attacks, thefts of private information, data breaches etc.
Cyber resilience and competitive advantage
In the opinion of Terena Bell, 2018, cyber resilience is defined as the measure of how
effectively a business can carry out its operations during an information breach or cyber
attack. In addition, cyber resilience is also defined as the ability of a business to recover
quickly from deliberate attacks or incidents involving the use of information and communication
technologies. Cyber resilience is therefore an effective procedure for a business and is widely
implemented by businesses due to the increase in cyber attacks; it protects business information
and helps the business to attain higher competitive advantage. Cyber resilience complements and
builds on present security approaches and needs to be incorporated within existing Information
Security Management Systems and Risk Management Structures. It is therefore significant for
businesses in attaining higher competitive advantage by reducing the issue of information
breaches and cyber attacks.
Scale of cybercrime and information breaches in the UK retail sector
As per the views stated by Don-Alvin Adegeest, 2016, cyber crime is recognised as the
most significant threat to retail businesses in the UK. As acknowledged by the UK's National
Crime Agency, the scale and cost of cyber crime is unclear at present. However, the Office for
National Statistics reports that there were around 5.1 million instances of fraud and 2.5
million of cyber crime in the last few decades. It is the major issue in the retail sector of
the UK, as it has a wide influence over the operations and progression of the retail industry.
Cyber/data breaches and consumer confidence
According to the opinion stated by Alexis Petru, 2014, data breaches are a most common
occurrence, and they affect the overall brand image and consumer trust. Data breaches and cyber
attacks mainly happen to companies that operate online: computer hackers hack email addresses
and other personal information, which may affect the trust of customers. It is therefore
important for businesses to take effective cyber security measures in order to provide higher
security assurance to their customers. A high level of cyber attacks and information breaches
may affect the trust and loyalty of customers, who may refuse to buy the products of the firm,
and this may decrease its performance in the marketplace.
The different challenges which the company faces in managing the information security
As per the opinion stated by Stefan Fenz, Johannes Heurix, Thomas Neubauer and Fabian
Pechstein, 2014, information security is recognised as a key consideration for businesses of
every size; information security is essential to carrying out business operations effectively.
Organisations nowadays benefit from the use of cyber technologies, which help to expand the
operations of the firm, but on the other hand businesses are also facing issues related to
cybersecurity, hackers and cybercriminals. Marks and Spencer is a large retail firm with wide
business operations, and the growth and development of the business relies upon technology; the
company uses computer systems and many other technologies to maintain appropriate information
regarding the operations of the firm, and the company also keeps customers' information etc.
However, the company is facing challenges in managing information security; some are set out
below:
Resist the changes: This is the key challenge faced by businesses in managing the information
security system (Hiller and Russell, 2013). A lack of proper management of the information
system restricts the firm from implementing change, which affects the functioning of the firm in
an adverse manner. Due to non-authentic security aspects, Marks and Spencer has faced the issue
of executing appropriate change in its processes and operations.
Weak Links in Supply Chain: This in turn is recognised as a key challenge faced by Marks and
Spencer in managing information security. For a retail organisation, maintaining the supply
chain is the primary consideration of the business, as it helps in satisfying the requirements
of customers on a larger scale. Information security errors or breaches of data affect the
overall supply chain of Marks and Spencer, which has a direct impact on the profitability and
growth of the business.
Potential Insider Threats: There are two sorts of internal information risk plaguing businesses.
The first arises through malicious intent, and the other is purely unintentional and has the
aforementioned human error aspect connected to it. These two threats affect the overall
functioning of the business.
Chapter 3: Research Methodology
The research methodology is defined as the specific process or techniques applied to analyse,
select, process and evaluate data related to a specified area of study. This part of the
investigation helps to guide the overall investigation in the right manner towards the potential
outcome. This part of the research is mainly based on different applications that support
guiding the work in the right manner to probable results. The selected methodologies are
described below:
Type of Investigation: This is the most important part of an investigation; in carrying out an
investigation, the key obligation of an investigator is to select the most suitable type of
investigation in order to carry out the work in the right manner. Research is mainly of two
types, i.e. qualitative and quantitative research, and in the present investigation qualitative
is the most suitable type for examining the different types of strategies used to implement
information security management in the company to decrease the risk of threat of breach of data
and cyber-attacks (Kozik and Choraś, 2013). In the present investigation, qualitative research is
applied by the researcher, as it provides suitable analysis by developing appropriate concepts
and theories. Qualitative research also supports detailed analysis, which is beneficial in
developing an in-depth base over the selected area of study.
Research Approach: A suitable selection of research approach is important in guiding the overall
work in the right manner; the investigation approach mainly relies upon the type of research.
Research approaches are mainly of two types, i.e. the deductive and the inductive research
approach. In the existing research work, the inductive approach is the most suitable; it is
effective for qualitative research and appropriate for providing detailed information with the
support of theories and hypotheses.
Research Philosophy: This is also a key aspect of research methodology, as it is important for
the investigator to conduct an investigation in a viable manner through the selection of a
suitable philosophy. This aspect mainly encompasses the interpretivism and positivism research
philosophies (Kulikova et al., 2012). In the present investigation, the interpretivism
philosophy is the most suitable tool; it is effective in providing factual information over the
area of examining the different types of strategies used to implement information