Your company finished conducting an asset inventory. As the head of the sales department, you are assigned as the data owner of the customer master data, which you then classified as privacy according to the classification scheme. You are now authorizing employees to access the customer data based on their duties. Which of the following security models is most likely used to support the task?
A. Clark-Wilson Model
B. Take-Grant Model
C. Biba Model
D. Brewer and Nash Model
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Take-Grant Model.
The Take-Grant model employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.
Stewart, James M.; Chapple, Mike; Gibson, Darril. CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide. Wiley.
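The take and grant rules applied to the question's scenario, as an added example that is not from the original post or the cited study guide. The subject names, the deputy, the intern, and the initial edges are constructed assumptions, and the create and remove rules are left out.

```python
class ProtectionGraph:
    """Take-Grant graph: edge (src, dst) carries the rights src holds over dst."""

    def __init__(self, subjects):
        self.subjects = set(subjects)   # only subjects may apply rules
        self.edges = {}                 # (src, dst) -> set of rights

    def add(self, src, dst, *rights):
        self.edges.setdefault((src, dst), set()).update(rights)

    def holds(self, src, dst, right):
        return right in self.edges.get((src, dst), set())

    def grant(self, giver, receiver, target, right):
        """Grant rule: giver needs 'g' over receiver and `right` over target."""
        self._require(giver, receiver, "g")
        self._require(giver, target, right)
        self.add(receiver, target, right)

    def take(self, taker, holder, target, right):
        """Take rule: taker needs 't' over holder, who must hold `right` over target."""
        self._require(taker, holder, "t")
        if not self.holds(holder, target, right):
            raise PermissionError(f"{holder} does not hold {right!r} over {target}")
        self.add(taker, target, right)

    def _require(self, actor, node, right):
        if actor not in self.subjects:
            raise PermissionError(f"{actor} is not a subject")
        if not self.holds(actor, node, right):
            raise PermissionError(f"{actor} lacks {right!r} over {node}")


def build_sales_graph():
    # Constructed scenario: names and initial edges are assumptions.
    g = ProtectionGraph(subjects={"sales_head", "sales_rep", "deputy", "intern"})
    g.add("sales_head", "customer_data", "r", "w")   # data owner holds read/write
    g.add("sales_head", "sales_rep", "g")            # owner may grant to the rep
    g.add("deputy", "sales_head", "t")               # deputy may take from the owner
    return g


if __name__ == "__main__":
    g = build_sales_graph()
    g.grant("sales_head", "sales_rep", "customer_data", "r")
    g.take("deputy", "sales_head", "customer_data", "r")
    try:
        g.grant("sales_rep", "intern", "customer_data", "r")  # rep has no 'g' edge
    except PermissionError as exc:
        print("denied:", exc)
```

The sales rep ends up with read access only, and cannot pass it on to the intern because no grant edge connects them.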
Clark-Wilson Model
The Clark-Wilson model maintains data integrity by allowing Constrained Data Items (CDIs) to be changed only through Transformation Procedures (TPs); the Integrity Verification Procedure (IVP) then verifies the data integrity. This shapes the concepts of transactions and separation of duties.
Brewer and Nash Model
The Brewer and Nash model is also known as the Chinese Wall model. Data are grouped into different mutually exclusive, or conflict-of-interest (COI), classes. Once a user gets access to any one of the classes, the system automatically prevents that user from accessing the other classes, avoiding potential conflict-of-interest situations.
Biba Model
The Biba model protects data integrity by controlling data flow from the lower level to the upper level through the Simple Integrity Property and the * (star) Integrity Property.