PoLP (Principle of Least Privilege)
- Eva Vetter
- Jul 4
Looking back to my early days as an apprentice in the Information Technology realm, the significance of IAM (Identity and Access Management) was often overlooked. In many cases, particularly within smaller organizations, the approach involved granting administrator privileges to all to streamline access, a practice humorously dubbed the "God rule" due to its all-encompassing nature.
Over time, these entities recognized the flaws in this approach and pivoted towards implementing PoLP (Principle of Least Privilege) to enhance security measures.
It's concerning to observe the American government's utilization of an insecure messaging platform, coupled with the allowance for unauthorized users to access top-secret messages. This prompts critical questions about the root cause of such lapses. Could the breach be attributed to the use of personal devices or the absence of BYOD (Bring Your Own Device) security protocols?

To reiterate, these were the security protocols that were blatantly dismissed in my opinion:
- Use of personal devices
- Communication in foreign countries
- Insecure messaging
- Lack of VPN
- No BYOD protocols
- Classification tags not present
I would love to hear from Security Professionals, much more intelligent than myself, to add any others that I may have missed in the mishandling of this information.


