2010 Royal Holloway information security thesis series

In our third year of collaboration with Royal Holloway University of London, SearchSecurity.co.UK is pleased to publish a series of nine articles by recent MSc graduates. The articles represent cutting edge research in information security and span a number of topics — from new approaches to security awareness training to Vehicular Ad-Hoc Networks (VANETs) to PCI compliance costs.

• The real cost of PCI DSS compliance
  
• DNS security best practices to prevent DNS poisoning
  
• Internet safety for kids: Tips on computer security awareness training
  
• Challenges and solutions: Security of Vehicular Ad-Hoc Networks
  
• A new approach to fighting varied types of cybercrime cases
  
• How to improve pharmaceutical data management with the TCG TPM
  
• Raising the efficacy of a Trusted Platform Module security device
  
• Risk metrics: Measuring the effectiveness of an IT security control
  
• Threat assessment model: Testing open source software for security
  

  
  Royal Holloway University of London MSc thesis series
  
  The real cost of PCI DSS compliance
  It's difficult to overestimate the impact PCI DSS has had on information security, not least because of the expense of compliance. Martin Bradley and Alexander Dent explore the real cost of PCI DSS compliance.

  
  DNS security best practices to prevent DNS poisoning
  DNS cache poisoning is a threat to any Internet-connected enterprise. Learn how the attack method works and potential mitigation strategies in this thesis from Richard Agar and Kenneth Paterson.

  
  Internet safety for kids: Tips on computer security awareness training
  Children can be some of the most vulnerable Web surfers. In this article, Clara Brady and Chris Mitchell describe security awareness training strategies for kids.

  
  Challenges and solutions: Security of Vehicular Ad-Hoc Networks
  In the future, cars themselves may be able to prevent accidents by way of Vehicular ad hoc Networks (VANETs). In this article, Abdul Kalam Aboobaker and Stephen Wolthusen explore security concerns.

  
  A new approach to fighting varied types of cybercrime cases
  Fighting cybercrime may seem like a losing battle considering the enemy is so well resourced. Anna Cevidalli and John Austen explore new approaches in the war against cybercrime.

  
  How to improve pharmaceutical data management with the TCG TPM
  Stephen Khan and John Austen consider how the Trusted Computing Group's TPM could be used to enhance secure pharmaceutical data management.

  
  Raising the efficacy of a Trusted Platform Module security device
  In this article, learn more about the Trusted Computing Group, particularly the limitations of and possible uses for its TCG TPM, from Andrew Lee-Thorp.

  
  Risk metrics: Measuring the effectiveness of an IT security control
  Is it possible to use risk metrics to monitor how effective an IT security control or investment is? In this article, Jonathan Pagett and Siaw-Lynn Ng suggest possible ways to do so.

  
  Threat assessment model: Testing open source software for security
  To mitigate the risks of using open source software, Yoav Aner and Carlos Cid propose a new threat modelling method for testing the security of open source software.