Page 26 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
3 Security Problem Definitions
This section provides details of threats, organisational security policies, and assumptions.
3.1 Threats
Defined and described below are the assumed threats related to the use and environment of this TOE. The
threats defined in this section are attacks by unauthorised persons with knowledge of published information
about TOE operations and such attackers are capable of potential security attacks.
T.ILLEGAL_USE (Abuse of TOE)
Attackers may read or delete document data by gaining unauthorised access to the TOE
through the device's interfaces (the Operation Panel, network interface, USB Port, or SD
card interface).
T.UNAUTH_ACCESS (Access violation to protected assets stored in TOE)
Authorised TOE users may breach the limits of authorised usage and access document
data through the external TOE interfaces (the Operation Panel, network interface, or
USB Port) that are provided for them.
T.ABUSE_SEC_MNG (Abuse of Security Management Function)
Persons not authorised to use Security Management Functions may abuse them.
T.SALVAGE (Salvaging memory)
Attackers may remove the HDD from the TOE and disclosed document data.
T.TRANSIT (Interceptions and tampering on communication path)
Attackers may illegally obtain, leak, or tamper with document data or print data sent or
received by the TOE via the internal network.
T.FAX_LINE (Intrusion from telephone line)
Attackers may gain access to the TOE through telephone lines.
3.2 Organisational Security Policies
The following security policy is assumed for organisations that demand integrity of the software installed in
its IT products.
To Next Page
Loading...
