Information Systems Security Thesis Topic

well, hot fields in InfoSec these days are IDS/IDP, DLP, and SQL Injection prevention/detection. Problem is, there are a *lot* of commercial interests researching in the field, so its hard to find something you can hit the ground running on, do original research on, and not duplicate commercial work and/or run foul of defensive patenting.

Honeypotting and honeynetworks seem to be on a bit of a back-burner at the moment, although there is already a lot of work done - however, most are web-, os- or email- centric, very little has been done for tarpitting CMS systems at the database or API layers, so perhaps there is a niche there you can play in?

how are your programming skills?

IDS/IPS and log analysis are pretty hot topics that I myself am very interested in doing some research on.

I guess in a perfect world the ideal security solution might include packet and log analysis with automatic defense against those attacks and intrusions.

Can it be some topic like researching with existing security products and tools instead of getting inside the code?

something like planning,architecting and implementing security for large enterprises effectively?
similar to how the security standards are targeting?

I would assume so - its hard to do original research with commodity tools though, and security bodies tend to pick arbitrary breakpoints and then build their rules around that, as in the main it doesn't matter what breakpoint you chose for a target, provided you can internally justify it and get to set the rules :)