SSCP Exam Question 331
Which is the last line of defense in a physical security sense?
Correct Answer: A
Explanation/Reference:
"Ultimately, people are the last line of defense for your company's assets" (Pastore & Dulaney, 2006, p.
529).
Pastore, M. and Dulaney, E. (2006). CompTIA Security+ study guide: Exam SY0-101. Indianapolis, IN:
Sybex.
SSCP Exam Question 332
How many layers are defined within the US Department of Defense (DoD) TCP/IP Model?
Correct Answer: C
Section: Network and Telecommunications
Explanation/Reference:
The TCP/IP protocol model is similar to the OSI model but it defines only four layers:
Application
Host-to-host
Internet
Network access
Reference(s) used for this question:
http://www.novell.com/documentation/nw65/ntwk_ipv4_nw/data/hozdx4oj.html and KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 84).
also see:
http://en.wikipedia.org/wiki/Internet_Protocol_Suite#Layer_names_and_number_of_layers_in_the_literature
SSCP Exam Question 333
Which security model uses division of operations into different parts and requires different users to perform each part?
Correct Answer: C
The Clark-Wilson model uses separation of duties, which divides an
operation into different parts and requires different users to perform each part. This
prevents authorized users from making unauthorized modifications to data, thereby
protecting its integrity.
The Clark-Wilson integrity model provides a foundation for specifying and analyzing an
integrity policy for a computing system.
The model is primarily concerned with formalizing the notion of information integrity.
Information integrity is maintained by preventing corruption of data items in a system due to
either error or malicious intent. An integrity policy describes how the data items in the
system should be kept valid from one state of the system to the next and specifies the
capabilities of various principals in the system. The model defines enforcement rules and
certification rules.
The model's enforcement and certification rules define data items and processes that
provide the basis for an integrity policy. The core of the model is based on the notion of a
transaction.
A well-formed transaction is a series of operations that transition a system from one
consistent state to another consistent state.
In this model the integrity policy addresses the integrity of the transactions.
The principle of separation of duty requires that the certifier of a transaction and the
implementer be different entities.
The model contains a number of basic constructs that represent both data items and
processes that operate on those data items. The key data type in the Clark-Wilson model is
a Constrained Data Item (CDI). An Integrity Verification Procedure (IVP) ensures that all
CDIs in the system are valid at a certain state. Transactions that enforce the integrity policy
are represented by Transformation Procedures (TPs). A TP takes as input a CDI or
Unconstrained Data Item (UDI) and produces a CDI. A TP must transition the system from
one valid state to another valid state. UDIs represent system input (such as that provided
by a user or adversary). A TP must guarantee (via certification) that it transforms all
possible values of a UDI to a "safe" CDI.
In general, preservation of data integrity has three goals:
Prevent data modification by unauthorized parties
Prevent unauthorized data modification by authorized parties
Maintain internal and external consistency (i.e. data reflects the real world)
Clark-Wilson addresses all three goals, whereas Biba addresses only the first goal of integrity.
References:
HARRIS, Shon, All-In-One CISSP Certification Fifth Edition, McGraw-Hill/Osborne, Chapter
5: Security Architecture and Design (Pages 341-344), and http://en.wikipedia.org/wiki/Clark-Wilson_model
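The following is an added illustration, not part of the exam explanation or of any cited reference: a toy Python reference monitor that models the constructs described above. Account balances are the CDIs, user-supplied transfer requests are UDIs, `transfer_tp` is a certified TP, `ivp` is the IVP, and separation of duty is enforced by refusing to let the certifier of a TP also execute it. All names (Ledger, ClarkWilson, the user names and amounts) are invented for the example.

```python
import copy
from dataclasses import dataclass, field

@dataclass
class Ledger:
    """The CDIs: account balances plus a recorded total that must match them."""
    balances: dict
    total: int
    log: list = field(default_factory=list)  # append-only audit trail of TP runs

def ivp(ledger):
    """Integrity Verification Procedure: every CDI is in a valid state."""
    return (all(b >= 0 for b in ledger.balances.values())
            and sum(ledger.balances.values()) == ledger.total)

def transfer_tp(ledger, udi):
    """Certified TP: map any untrusted request (UDI) to a valid CDI state or reject it."""
    try:
        src, dst, amount = udi["from"], udi["to"], int(udi["amount"])
    except (KeyError, TypeError, ValueError):
        return False
    if (amount <= 0 or src not in ledger.balances or dst not in ledger.balances
            or ledger.balances[src] < amount):
        return False
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount
    return True

class ClarkWilson:
    """Reference monitor: CDIs change only through certified TPs run by authorized users."""
    def __init__(self, ledger):
        self.ledger = ledger
        self.certified = {}   # tp name -> (function, certifier)
        self.triples = set()  # (user, tp name): who may run which TP

    def certify(self, name, fn, certifier):
        self.certified[name] = (fn, certifier)

    def allow(self, user, tp_name):
        self.triples.add((user, tp_name))

    def run(self, user, tp_name, udi):
        if tp_name not in self.certified:
            return "denied: TP not certified"
        fn, certifier = self.certified[tp_name]
        if (user, tp_name) not in self.triples:
            return "denied: no access triple"
        if user == certifier:  # separation of duty: certifier != implementer
            return "denied: certifier may not execute own TP"
        if not ivp(self.ledger):
            return "denied: CDIs not in a valid state"
        snapshot = copy.deepcopy(self.ledger.balances)
        ok = fn(self.ledger, udi)
        if not ok or not ivp(self.ledger):  # re-verify; roll back on failure
            self.ledger.balances = snapshot
            self.ledger.log.append((user, tp_name, "rejected"))
            return "rejected: UDI not accepted by TP"
        self.ledger.log.append((user, tp_name, "committed"))
        return "committed"

def demo():
    """Constructed sample run; returns the monitor and the outcome of each call."""
    cw = ClarkWilson(Ledger({"alice": 100, "bob": 50}, total=150))
    cw.certify("transfer", transfer_tp, certifier="sec_officer")
    cw.allow("teller", "transfer")
    cw.allow("sec_officer", "transfer")  # granted, yet blocked by separation of duty
    ok_req = {"from": "alice", "to": "bob", "amount": "40"}
    results = [
        cw.run("teller", "transfer", ok_req),                             # committed
        cw.run("teller", "transfer", {**ok_req, "amount": "999"}),        # overdraft
        cw.run("teller", "transfer", {"from": "alice", "amount": "-5"}),  # malformed
        cw.run("sec_officer", "transfer", ok_req),                        # SoD violation
        cw.run("intern", "transfer", ok_req),                             # no triple
    ]
    return cw, results
```

Every rejected UDI leaves the CDIs untouched and still passes the IVP, which is the property a TP must be certified for.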
SSCP Exam Question 334
Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a component that achieves this type of security?
Correct Answer: B
Integrity control mechanisms are not part of physical security. All of the other options are genuine components of physical security; this is the only one that does not belong. Below you have more details extracted from the SearchSecurity web site: Information security depends on the security and management of the physical space in which computer systems operate. Domain 9 of the CISSP exam's Common Body of Knowledge addresses the challenges of securing the physical space, its systems and the people who work within it by use of administrative, technical and physical controls. The
following questions are covered:
Facilities management: The administrative processes that govern the maintenance and
protection of the physical operations space, from site selection through emergency
response.
Risks, issues and protection strategies: Risk identification and the selection of security
protection components.
Perimeter security: Typical physical protection controls.
Facilities management
Facilities management is a complex component of corporate security that ranges from the
planning of a secure physical site to the management of the physical information system
environment. Facilities management responsibilities include site selection and physical
security planning (i.e. facility construction, design and layout, fire and water damage
protection, antitheft mechanisms, intrusion detection and security procedures.) Protections
must extend to both people and assets. The necessary level of protection depends on the
value of the assets and data. CISSP candidates must learn the concept of critical-path
analysis as a means of determining a component's business function criticality relative to
the cost of operation and replacement. Furthermore, students need to gain an
understanding of the optimal location and physical attributes of a secure facility. Among the questions covered in this domain are site inspection, location, accessibility and
obscurity, considering the area crime rate, and the likelihood of natural hazards such as
floods or earthquakes.
This domain also covers the quality of construction material, such as its protective qualities
and load capabilities, as well as how to lay out the structure to minimize risk of forcible
entry and accidental damage. Regulatory compliance is also touched on, as is preferred
proximity to civil protection services, such as fire and police stations. Attention is given to
computer and equipment rooms, including their location, configuration (entrance/egress
requirements) and their proximity to wiring distribution centers at the site.
Physical risks, issues and protection strategies
An overview of physical security risks includes risk of theft, service interruption, physical
damage, compromised system integrity and unauthorized disclosure of information.
Interruptions to business can manifest due to loss of power, services, telecommunications
connectivity and water supply. These can also seriously compromise electronic security
monitoring alarm/response devices. Backup options are also covered in this domain, as is
a strategy for quantifying the risk exposure by simple formula.
Investment in preventive security can be costly. Appropriate redundancy of people skills,
systems and infrastructure must be based on the criticality of the data and assets to be preserved. Therefore a strategy is presented that helps determine the selection of cost-appropriate controls. Among the questions covered in this domain are regulatory and legal requirements, common standard security protections such as locks and fences, and the importance of establishing service level agreements for maintenance and disaster support. Rounding out the optimization approach are simple calculations for determining mean time between failures and mean time to repair (used to estimate average equipment life expectancy), which are essential for estimating the cost/benefit of purchasing and maintaining redundant equipment.
Because power is the lifeblood of computer systems, special attention is placed on the adequacy, quality and protection of power supplies. CISSP candidates need to understand power supply concepts and terminology, including those for quality (i.e. transient noise vs. clean power); types of interference (EMI and RFI); and types of interruptions such as power excess from spikes and surges, power loss from a fault or blackout, and power degradation from sags and brownouts. A simple formula is presented for determining the total cost per hour for backup power. Proving power reliability through testing is recommended, and the advantages of three power protection approaches are discussed (standby UPS, power line conditioners and backup sources), including minimum requirements for primary and alternate power.
Environmental controls are explored in this domain, including the value of positive pressure water drains and climate monitoring devices used to control temperature and humidity and to reduce static electricity. Optimal temperature and humidity settings are provided. Recommendations include strict procedures during emergencies, preventing typical risks (such as blocked fans), and the use of antistatic armbands and hygrometers. Positive pressurization for proper ventilation and monitoring for airborne contaminants is stressed.
The pros and cons of several detection response systems are deeply explored in this domain. The concept of combustion, the classes of fire and fire extinguisher ratings are detailed. Mechanisms behind smoke-activated, heat-activated and flame-activated devices and Automatic Dial-up alarms are covered, along with their advantages, costs and shortcomings. Types of fire sources are distinguished and the effectiveness of fire suppression methods for each is included. For instance, Halon and its approved replacements are covered, as are the advantages and the inherent risks to equipment of the use of water sprinklers.
Administrative controls
The physical security domain also deals with administrative controls applied to physical sites and assets. The need for skilled personnel, knowledge sharing between them, separation of duties, and appropriate oversight in the care and maintenance of equipment and environments is stressed. A list of management duties including hiring checks, employee maintenance activities and recommended termination procedures is offered. Emergency measures include accountability for evacuation and system shutdown procedures, integration with disaster and business continuity plans, assuring documented procedures are easily available during different types of emergencies, the scheduling of periodic equipment testing, administrative reviews of documentation, procedures and recovery plans, delegation of responsibilities, and personnel training and drills.
Perimeter security
Domain nine also covers the devices and techniques used to control access to a space. These include access control devices, surveillance monitoring, intrusion detection and corrective actions. Specifications are provided for optimal external boundary protection, including fence heights and placement, and lighting placement and types. Selection of door types and lock characteristics is covered. Surveillance methods and intrusion-detection methods are explained, including the use of video monitoring, guards, dogs, proximity detection systems, photoelectric/photometric systems, wave pattern devices, passive infrared systems, sound and motion detectors, and current flow sensitivity devices that specifically address computer theft. Room lock types (both preset and cipher locks and their variations); device locks, such as portable laptop locks, lockable server bays, switch control locks and slot locks; port controls; peripheral switch controls; and cable trap locks are also covered. Personal access control methods used to identify authorized users for site entry are covered at length, noting social engineering risks such as piggybacking. Wireless proximity devices, both user access and system sensing readers (i.e. transponder based, passive devices and field powered devices), are covered in this domain.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2001, Page 280.
SSCP Exam Question 335
Which of the following statements pertaining to message digests is incorrect?
Correct Answer: C
Explanation/Reference:
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 160).