The security department at XYZ Corporation suspects insider threat after noticing multiple unauthorized access attempts to highly sensitive data. Which of the following measures would be the BEST to identify and track user activities?