Certified Information Systems Security Professional (CISSP) — Question 140

In designing the architecture of an access control system, it was determined that confidentiality and controlled access to information were the primary focus. Which of the following security models is the BEST choice for the organization?

Answer options

• A. Biba integrity model
• B. Clark-Wilson model
• C. Bell-LaPadula model
• D. Brewer-Nash model

Correct answer: C

Explanation

The Bell-LaPadula model is specifically designed to maintain confidentiality by preventing users from accessing information at a higher security level than their own. The other models, such as Biba and Clark-Wilson, focus more on integrity and transaction control rather than confidentiality, making them less suitable for this scenario.