There is obvious demand, on the part of both developers and users, for assurance of the information security of information systems. In order to certify the security features of systems and to make them comparable, different certification methods have emerged. One of the most widely used such standards internationally is the Common Criteria (ISO/IEC 15408), on which the Hungarian National IT Security Evaluation and Validation Scheme (MIBÉTS) is based.
The main goal of this thesis is to create the general plans for an evaluation laboratory in a university setting that is capable of carrying out evaluations based on these standards. To achieve this, I analyse the standards above, as well as ISO/IEC 17025, which contains the general requirements for the competence of testing laboratories, and I assess what requirements these standards and the related methodologies impose on such a laboratory. I examine several laboratories established with similar purposes, together with case studies of similar activities, and I collect the practical experience worth taking into account in achieving our specific goals.
Based on these experiences and observations, I lay down the fundamental structure of our laboratory and take the basic initial planning steps needed to establish and run it successfully. For certain generally applicable procedures and basic elements I provide detailed plans, and I offer guidance on the further steps that would be necessary should such a laboratory actually be established.