In approximately 300 words, discuss security and technical drivers for having an access control policy and the key tenets of that policy. Follow APA standard.