Exam CISSP topic 1 question 454 discussion

D is correct Bell-LaPadula → Confidentiality Biba → Integrity Clark-Wilson → segregation of duties Brewer-Nash → conflict of interest Noninterference → avoid covert channel

Read the WHOLE question: Which security model BEST protects the integrity of data? It's not asking you which model is for separation of duties.

Answer B) The Biba Integrity model This is one of those 3 sentence questions where the first two sentences are trying to throw you off. The question asked, "Which security model BEST protects the integrity of data" and not "which should be used to facilitate segregation of duties"...or "which model will fulfill the requirements above"....

In the context of the question D. The Clark-Wilson model makes more sense. The Clark-Wilson model addresses both segregation of duties (SoD) and data integrity. It enforces well-formed transactions and integrity constraints to maintain data integrity and also includes a mechanism for ensuring that users cannot perform conflicting duties, thus supporting SoD. Implementing SoD to address protection against fraud while also protecting the integrity of data, the Clark-Wilson model is the best choice. However, if the question only had that last line "Which security model BEST protects the integrity of data?" without everything mentioned before that, the correct answer would have been B. The Biba Integrity model. I believe they even added the word integrity on B. instead of just Bibal model to entice to pick that answer instead of D.

Clark-Wilson is about SoD

agree with given answer D: Clark Wilson model is based on the concept of separation of duties, which means that no single individual should have complete control over a system or process