Re: Computer Security MSc Dissertation!HELP!
Here's an issue that I've come across recently:
PCI-DSS, the "standard", was quite clearly written by guys who know a lot about Windows.
However, there isn't a lot of guidance as to what is or is not acceptable on Linux, which can leave you arguing with certifiers over whether you should or should not be able to do various things.
It also means that whilst you may have two PCI-DSS certified places or institutions, they can be secured in very different ways, and what might be acceptable to one person or institution is not acceptable to another.
What I'm suggesting is that sites where you write your credit card numbers in to buy things should be secure; not only that, but they should conform to a "standard" of security. But that standard of security is not a fixed target; it's more of a fluid ideal that is not applied uniformly across the board.
I'd suggest a dissertation that takes a case study of two companies with PCI-DSS certified environments, looks at the differences, asks why that is, and what holes there are in the "standard" that mean that it's maybe not as secure as it could be.
(Unfortunately I will not be able to provide any details of the customer's PCI-DSS certified environment that I'm currently creating, as the company I work for takes confidentiality quite seriously.)
I didn’t fight my way to the top of the food chain to be a vegetarian…
I'm sick of people saying 'don't waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."