An Analysis of Software Supportable Tasks Related with ISO/IEC 15408

From the perspective of information security engineering, ISO/IEC 15408, one of ISO/IEC security standards, plays an important role to ensure the whole security of an information/software system. ISO/IEC 15408 is a complex security standard which requires involvement of wide range of participants to perform a quite number of tasks as well as various documents. ISO/IEC 15408 is periodically reviewed and maintained to achieve ongoing improvement so that workflow of tasks and contents/format of documents related with the standard are changed according to changes of the standards. Consequently, it is difficult to do all of the tasks related with ISO/IEC 15408 without any supporting tools. However, there is no study to identify which tasks related with ISO/IEC 15408 can be supported by software tools. Indeed, no one makes clear what the tasks and participants exist. This paper presents the first analysis to identify all software supportable tasks related with ISO/IEC 15408. The paper enumerates all of the participants, documents, and tasks related with ISO/IEC 15408 and shows relationship among them, and identifies all software supportable tasks. The analysis and its results become a basis to construct an information security engineering environment based on ISO/IEC 15408 for ensuring the whole security of an information/software system.