In this thesis, the concept scheme and basic theory of "quality management" specified in the GBT 19000 Series are studied for the first time. By analyzing "quality assurance" in "Information Security Evaluation and Certification", it is further illustrated that Information Security Evaluation and Certification follows the basic theory of "quality management" and provides scientific and logical validation for information security assurance on the basis of the Common Criteria. Furthermore, building on traditional evaluation and certification of information technology products and information systems, and by studying and discussing the Robustness Model (static), the Time-based PDR Model (dynamic), and the Distributed Dynamic Initiative Model, the Information Security Assurance Management Information System centered on Information Security Evaluation and Certification is derived, which includes the value list, threats list, robustness list, list of Strength of Function, security function distribution list, attack-defense time list, and others.