Page 38 of
89
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.
4.3
Security Objectives Rationale
This section describes the rationale for security objectives. The security objectives are for upholding the
assumptions, countering the threats, and enforcing the organisational security policies that are defined.
4.3.1
Correspondence Table of Security Objectives
Table 7 describes the correspondence between the assumptions, threats and organisational security policies,
and each security objective.
Table 7 : Rationale for Security Objectives
O
.DO
C.
NO
_D
IS
O
.DO
C.
NO
_A
L
T
O.
FU
NC.
N
O_
AL
T
O.
PR
OT
.N
O
_
AL
T
O
.CO
NF
.NO_
DIS
O.
C
O
N
F
.N
O
_AL
T
O.
USE
R
.A
UT
H
O
RI
Z
E
D
OE
.U
SE
R.
AUT
H
O
R
IZ
E
D
O.SOFTW
A
RE.VER
IFIED
O.
A
U
D
IT
.L
OG
GE
D
OE
.A
U
D
IT
_ST
O
R
A
GE
.P
ROT
C
T
E
D
OE
.A
U
D
IT
_
A
CCE
S
S
_
AUT
H
O
RIZ
E
D
OE.AUDIT
.REVIEWED
O.
INT
E
R
F
A
CE
.M
A
N
AGE
D
OE
.P
H
Y
SIC
A
L
.M
A
N
AGE
D
O
E
.IN
TERF
A
CE.MAN
AG
ED
O
.ST
O
R
AG
E.EN
CR
Y
P
TED
O
.RCG
A
TE.CO
MM.
PRO
TECT
OE
.A
DMI
N
.T
R
A
IN
E
D
OE
.A
DMI
N
.T
R
U
ST
E
D
OE
.U
SE
R.
T
R
AI
NE
D
T.DOC.DIS
X
X
X
T.DOC.ALT
X
X
X
T.FUNC.ALT
X
X
X
T.PROT.ALT
X
X
X
T.CONF.DIS
X
X
X
T.CONF.ALT
X
X
X
P.USER.AUTHORIZATION
X
X
P.SOFTWARE.VERIFICATION
X
P.AUDIT.LOGGING
X
X
X
X
P.INTERFACE.MANAGEMENT
X
X
P.STORAGE.ENCRYPTION
X
P.RCGATE.COMM.PROTECT
X
A.ACCESS.MANAGED
X
A.ADMIN.TRAINING
X
A.ADMIN.TRUST
X
A.USER.TRAINING
X
