Which security model uses division of operations into different parts and requires different users to perform
each part?

A.
Bell-LaPadula model

B.
Biba model

C.
Clark-Wilson model

D.
Non-interference model

Explanation:
The Clark-Wilson security model uses division of operations into different parts and requires different users to
perform each part. This is known as Separation of Duties.The Clark-Wilson model outlines how to incorporate separation of duties into the architecture of an application.
If a customer needs to withdraw over $10,000, the application may require a supervisor to log in and
authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model
provides the rules that the developers must follow to properly implement and enforce separation of duties
through software procedures.
Incorrect Answers:
A: The Bell-LaPadula model does not use division of operations into different parts and require different users
to perform each part.
B: The Biba model does not use division of operations into different parts and require different users to perform
each part.
D: The Non-interference model does not use division of operations into different parts and require different
users to perform each part.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 376