Challenges and Opportunities in the Information Systems Security Evaluation and Position of ISO/IEC 15408

Organizations would encounter with challenges which leaving them would be impossible without any systematic and engineering approach and without any preparation of Secure Information System. The most important and greatest challenge is related to security of area that provides Information Systems. The main contribution of this work is providing a security standard-based process for software product line development. It is based on categories vulnerabilities and some concept of software engineering and use of the redefinition of information system life cycle, which integrated by Common Criteria (ISO/IEC 15408) controls into the product line lifecycle. Present approach reduces the complexity and ambiguity inherent in the information systems security in the engineering, well-defined, repeatability process. Thus, the security organizations which implement secure products ensure the security level their product and use time-cost effective and engineering process to improve their future product.