The primary consideration when implementing controls for monitoring user activity logs is that the control be proportional to the risk. Proportionality balances the benefits of the control against its costs and avoids both over-controlling and under-controlling the risk.

User activity logs are records of the actions or events performed by users on IT systems, networks, or resources, such as accessing, modifying, or transferring data or files. Monitoring them helps to detect and prevent threats such as unauthorized access, data leakage, or malicious activity, and supports the investigation and remediation of incidents. Monitoring also carries costs and challenges: collecting, storing, analyzing, and reporting large volumes of log data; ensuring the accuracy, completeness, and timeliness of that data; protecting the privacy and security of the logs themselves (they record what individual users did, and are a natural target for tampering by anyone covering their tracks); and complying with the applicable laws and regulations.

Therefore, when implementing controls for monitoring user activity logs, the organization should weigh the likelihood and impact of the risk the control is intended to address against the value and effectiveness of the control in reducing that risk exposure and impact. It should also consider the cost and feasibility of implementing and maintaining the control, and its potential negative consequences or side effects, such as performance degradation, user dissatisfaction, or legal liability. A control that is proportional to the risk delivers an appropriate level of risk management without wasting resources or creating new risks.

Reference = Risk IT Framework, ISACA, 2022, p. 151