因應資訊安全標準的需求,財團法人電信技術中心於94年11月15日通過ISO/IEC17025認證,正式成立資通安全檢測實驗室,為一以共同準則為標準之測試實驗室。資安產品通過共同準則驗證提供安全性保證已是潮流所趨,唯較少提及系統的安全性保證。有鑑於此,本研究依共同準則之標準實作S壽險公司之「旅行平安險網路投保系統」之保護剖繪及安全標的,透過實作結果,提出下列建議:1.列出該系統之安全性規格,提供該企業主、系統開發者、網路管理者對該系統安全性衡量或改進的參考。2.資訊系統於開發生命週期中或系統上線後,也能導入共同準則,作為安全功能檢視與驗證之標準。3.所有網路交易系統導入共同準則之標準,以建置一個具有基本資訊確保的交易環境。 In accordance with the demands of the information security standard, on November 15th, 2005, the information security inspection laboratory passed the ISO/IEC17025 authentication, and established the Telecom Technology Center, a commonwealth organization of Taiwan R.O.C. The lab use common criteria in the standardized tests. Security products must pass the Common Criteria verification for information assurance has become the trend. But seldom do they mention the information system security guarantee. This thesis performs a case study that establishes the protection profile and security target for a travel insurance information system using Common Criteria. Through the case study we conclude that: 1.As a case study result, a list of the security specifications and recommends for security improvement can be served as suggestions to the business owner, system developers, and network attendants. 2.It is recommend that within the system development life cycles and/or after information system being delivered, the Common Criteria shall be followed as security function of inspection and confirmation. 3.Network transaction systems can employ Common Criteria as a standard to establish the base for a network transaction environment for information assurance.
