Using the Common Criteria for IT Security Evaluation