The recent arrest of US Air Force airman Jack Teixeira following his illegal sharing of classified information just to show off to his buddies shone a spotlight on the conversation surrounding access control. In Teixeira’s case, all the ingredients necessary to protect the classified information were in place, but sadly they appear to have been ignored and abused by Teixeira and his superiors.
In the mythical land of Nirvana, where everything is perfect, CISOs would have all the resources they needed to protect corporate information. The harsh reality, which each CISO experiences on the daily, is that few entities have unlimited resources. Indeed, in many entities when the cost-cutting arrives, it is not unusual for security programs that have not (so far) positioned themselves as a key ingredient in revenue preservation to be thrown by the wayside — if you ever needed motivation to exercise access control to information, there you have it.