1. You are working for a law firm and tasked to evaluate access control models for information systems. It is a major concern that your law firm may represent both sides in an ongoing legal case and the information flow between the two legal teams may result in collusion or bias. Which of the following is the best fit for your firm?
   A. Clark-Wilson Model
   B. Graham-Denning Model
   C. Take-Grant Model
   D. Brewer-Nash Model
2. Alice generated a public/private key pair for asymmetric cryptography. She sent to Bob a document with a message digest encrypted by her private key. Bob then validated the document by computing a new message digest from the document and comparing it with the decrypted message digest. If the comparison matches, Bob can assure that the document comes from Alice while she can not deny it. Which of the following best describes the security principle or objective the process will achieve?
   A. Integrity
   B. Authenticity
   C. Non-repudiation
   D. Accountability

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Brewer-Nash Model for Q1 and A. Integrity for Q2.

Question 1

Brewer and Nash Model (aka Chinese Wall)

This model was created to permit access controls to change dynamically based on a user’s previous activity (making it a kind of state machine model as well). This model applies to a single integrated database; it seeks to create security domains that are sensitive to the notion of conflict of interest (for example, someone who works at Company C who has access to proprietary data for Company A should not also be allowed access to similar data for Company B if those two companies compete with each other).

This model is known as the Chinese Wall because it creates a class of data that defines which security domains are potentially in conflict and prevents any subject with access to one domain that belongs to a specific conflict class from accessing any other domain that belongs to the same conflict class.

Stewart, James M.; Chapple, Mike; Gibson, Darril. CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide (Kindle Locations 8466-8479). Wiley. Kindle Edition.

Question 2

• My suggested answer is A. Integrity as this question is designed to remind you that “integrity” includes non-repudiation and authenticity according to the law, the E-Government Act of 2002.
• The process Alice has completed generates “Digital signature”. Digital signatures provide authenticity protection, integrity protection, and non-repudiation.
• C. Non-repudiation is not a bad idea as it’s commonly accepted that digital signatures ensure non-repudiation. However, “integrity” as an umbrella term covers more comprehensively in terms of the legal definition.