The next step is the proposition of security policies in mitigating APT via spear phishing attack,
followed by the evaluation and benchmarking of these policies in accordance to quality metrics such as
degree of least privilege support, degree of duty separation support and other metrics [11]. The most
feasible security policy will be selected based on these metrics.The security policies proposed and to be
formulated in this research are MAC, Clark Wilson integrity model, LOMAC and ABAC. MAC is
selected for its scalability to a large population of users and strict implementation in preventing
unauthorized disclosure of data at all cost [8]. Clark Wilson integrity model is well known for its
practicality and commercially oriented features aside from its integrity protection through enforcement
and certification. LOMAC is reliable and secure in terms of preventing movement of data from lower
level to higher level objects. ABAC is context-aware as it captures real-time environment attributes to
better enforce access control, for example, in sharing and managing information between organizations or
departments.