Security Problem Definitions; Threats; Organisational Security Policies - Ricoh Aficio MP 8001 Manual

3 Security Problem Definitions

This section provides details of threats, organisational security policies, and assumptions.
3.1

Threats

Defined and described below are the assumed threats related to the use and environment of this TOE. The
threats defined in this section are attacks by unauthorised persons with knowledge of published information
about TOE operations and such attackers are capable of potential security attacks.
T.ILLEGAL_USE
Attackers may read or delete document data by gaining unauthorised access to the
TOE through the device's interfaces (the Operation Panel, network interface, USB Port,
or SD card interface).
T.UNAUTH_ACCESS (Access violation to protected assets stored in TOE)
Authorised TOE users may breach the limits of authorised usage and access document
data through the external TOE interfaces (the Operation Panel, network interface, or
USB Port) that are provided for them.
T.ABUSE_SEC_MNG (Abuse of Security Management Function)
Persons not authorised to use Security Management Functions may abuse them.
T.SALVAGE
Attackers may remove the HDD from the TOE and disclose document data.
T.TRANSIT
Attackers may illegally obtain, leak, or tamper with document data or print data sent or
received by the TOE via the internal network.
T.FAX_LINE
Attackers may gain access to the TOE through telephone lines.
3.2

Organisational Security Policies

The following security policy is assumed for organisations that demand integrity of the software installed in
its IT products.
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
(Abuse of TOE)
(Salvaging memory)
(Interceptions and tampering on communication path)
(Intrusion from telephone line)
Page 27 of 82