Ricoh Aficio MP 2550B Security Target - Page 28

Security Problem Definition

Page 28 of 83
3 Security Problem Definition
This chapter describes the Threats, Organisational Security Policies and Assumptions.
3.1 Threats
The assumed threats related to the use and environment of this TOE are identified and described below. The threats described in this chapter are attacks by persons who have knowledge of disclosed information about the TOE operation; the attackers are assumed to have the basic level of attack potential.

T.ILLEGAL_USE (Malicious Usage of TOE)
Attackers may read or delete the Document Data by gaining unauthorised access to the TOE from the TOE external interfaces (Operation Panel, Network Interface, USB Interface or SD CARD Interface).

T.UNAUTH_ACCESS (Access Violation to Protected Assets Stored in TOE)
Authorised TOE users may go beyond the bounds of the authorised usage and access Document Data from the TOE external interfaces (Operation Panel, Network Interface or USB Interface) that are provided to the authorised TOE users.

T.ABUSE_SEC_MNG (Abuse of Security Management Function)
Persons who are not authorised to use the Security Management Function may abuse the Security Management Function.

T.SALVAGE (Salvaging Memory)
Attackers may take the HDD out of the TOE and disclose Document Data.

T.TRANSIT (Interceptions and Tampering on Communication Path)
Attackers may illegally obtain, leak, or tamper with Document Data and Print Data that are sent or received by the TOE via the Internal Networks.

T.FAX_LINE (Intrusion from Telephone Line)
Attackers may gain unauthorised access to the TOE from telephone lines.

3.2 Organisational Security Policies
The following security policy is assumed for the organisations that demand the integrity of software installed in IT products:
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.