
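A Study of Implementing Information Assurance with the Common Criteria: The Case of S Life Insurance Company's "Online Travel Accident Insurance Enrollment System"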

Information Assurance Using Common Criteria∼A Case Study of The Information System of An Insurance Co.

Advisor: 梁德昭

Abstract


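In response to the demand for information security standards, the Telecom Technology Center (財團法人電信技術中心) obtained ISO/IEC 17025 accreditation on November 15 of ROC year 94 (2005) and formally established its Information and Communication Security Testing Laboratory, a testing laboratory that uses the Common Criteria as its standard. Having security products pass Common Criteria validation to provide security assurance has become the trend, but security assurance for systems is less often addressed. In view of this, this study follows the Common Criteria standard to produce the Protection Profile and Security Target for S Life Insurance Company's "Online Travel Accident Insurance Enrollment System" and, based on the results, makes the following recommendations: 1. List the system's security specifications, to give the business owner, system developers and network administrators a reference for measuring or improving the system's security. 2. During the development life cycle of an information system, or after the system goes live, the Common Criteria can also be introduced as the standard for reviewing and verifying security functions. 3. All online transaction systems should adopt the Common Criteria standard, in order to build a transaction environment with basic information assurance.

Parallel Abstract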


In accordance with the demands of the information security standard, on November 15th, 2005, the information security inspection laboratory passed the ISO/IEC 17025 authentication, and established the Telecom Technology Center, a commonwealth organization of Taiwan R.O.C. The lab uses the Common Criteria in its standardized tests. It has become the trend for security products to pass Common Criteria verification for information assurance, but the security guarantee of information systems is seldom mentioned. This thesis performs a case study that establishes the protection profile and security target for a travel insurance information system using the Common Criteria. Through the case study we conclude that: 1. As a result of the case study, a list of the security specifications and recommendations for security improvement can serve as suggestions to the business owner, system developers, and network attendants. 2. It is recommended that within the system development life cycle and/or after the information system has been delivered, the Common Criteria be followed as the standard for inspection and confirmation of security functions. 3. Network transaction systems can employ the Common Criteria as a standard to establish the base for a network transaction environment for information assurance.

Cited By


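鄭元輔 (2013). A Study of Digital Forensics Applied to the Burden of Proof under the Personal Data Protection Act [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2013.01266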
