My understanding is that Ames got drunk as a coot, swept piles of super-secret documents off his desk into shopping bags, and waltzed out the door of CIA HQ.
Regardless of Ames's status, access to paper documents that are classified Top Secret and are on a Special Access Program restricted distribution list should only be made available in a dedicated high-security reading room under the watchful supervision of an in-person monitor. The exception would be documents requested for high-level meetings, which should be delivered by two custodians who can keep an eye on each other, which are given to the presiding officer after the meeting has been convened, signed for, and collected before the meeting is ended.
Access to virtual documents should be similarly restricted, with a cyber-audit to keep track.
No less than once a week, security officers should review the audit record to determine how many documents have been accessed, by whom, and under what circumstances. Patterns of abuse would be much clearer.
Of course, this would inconvenience those who prefer an easier and more informal procedure.