| |
 |
Information Security That Benefits Manufacturing
|
The Ricoh Group infuses its products with
security features including authentication functions, encrypted
transmission, and copy-guard for printers. To help customers use
products confidently and securely, Ricoh places equal importance
on monitoring technological threats and raising the quality of
security. A variety of appropriate measures are in place in all
operational phases from product development onward.
Gathering Incident-related
Information
and Responding |
 |
|
|
Ricoh receives information on weaknesses from JPCERT/CC* and other
organizations, and analyzes this information to fight threats
to its products on a daily basis. (These threats are incidents
with adverse impact on information security, and are referred
to as "incidents" below.) This helps ensure customers'
safe and secure use of Ricoh products. Ricoh registered for the
roster of JPCERT/CC's product developers in fiscal 2005 and
opened a liaison section in the Quality Assurance Center (QAC)
of the MFP Business Group. The QAC provides JPCERT/CC information
on incidents to vendors. It also works with product developers
to analyze incident-related information and determine whether
products in development may potentially cause a security incident.
If any potential threat leading to an incident is identified,
the Center will order technological responses and other measures
to minimize the adverse impact on customers. It will also disclose
relevant information to customers and cooperating vendors.
Ricoh has successfully avoided incidents involving its products
by catching indications of weakness in advance and making design
changes before marketing.
| * |
Japan Computer Emergency Response Team Coordination Center
(JPCERT/CC) was designated by the Ministry of Economy,
Trade and Industry in its Notice #235 (July 2004): "Handling
Criteria for Weakness Information for Software, etc."
as the coordinating body for the dissemination of weakness
information in Japan. It receives reports, concerning
sites in Japan, of computer security incidents such as
unauthorized entry via the Internet and service interference.
From a technological standpoint, it provides assistance
for the execution of responses, gathers information on
how an incident is triggered, analyzes the methods of
attacks, and develops methods and dispenses advice to
prevent a recurrence. |
Product Weakness
Testing Before Shipping |
 |
|
|
|
Quality Assurance Center
of MFP Business Group
(at Ricoh Technology Center) |
| |
 |
To increase the security of products at
the time of shipment, Ricoh fine-tunes its mechanisms for the
discovery and elimination of weaknesses before product shipment.
As the networking of office devices proliferates, digital MFPs
and printers, along with PCs and servers, are vulnerable to attack.
In fact, weaknesses of digital MFPs were reported at a security-related
trade exhibition outside Japan. To administer quick responses,
the Software R&D Group assesses the weakness of Ricoh products.
This is done by attacking the products, with the same techniques
used by assailants, to discover weaknesses. Thus, the products
will not be successfully attacked after their market introduction.
Results of this testing are reported to the departments in charge
of development, where countermeasures are worked out. For these
efforts, researchers themselves collect weakness information and
keep abreast of cutting-edge security technologies by working
closely with research organizations outside Japan.
The Ricoh Group monitors technological threats to products and
takes the required action. Ricoh carries out such "behind-the-scenes"
activities in areas unseen by customers to ensure the safe and
secure use of its products. Some examples of Ricoh's efforts
were given above. Ricoh is committed to carrying out these activities
every day, with the belief that these efforts will win customer
trust and increase corporate value.
|
|
|
|
