Certified in Risk and Information Systems Control (CRISC) — Question 230

Which of the following should be the PRIMARY consideration when implementing controls for monitoring user activity logs?

Answer options

• A. Building correlations between logs collected from different sources
• B. Ensuring the control is proportional to the risk
• C. Implementing log analysis tools to automate controls
• D. Ensuring availability of resources for log analysis

Correct answer: D

Explanation

The correct answer is D because having sufficient resources for log analysis is crucial to effectively monitor user activity and respond to incidents. While the other options are important considerations, they are secondary to ensuring that the necessary resources are in place to conduct thorough analysis and oversight.