Security event logs should record key actions and the results of important security checks (in some cases successes as well as failures). If users have access to this information, they may well be able to help detect attempted or actual account/data breaches as they know more of the usage context. This information might be sent as alert messages (e.g. SMS, email, post), by making event data available as an API, or might appear in the web application as a short summarised activity log available once authenticated such as on the logged-in welcome page, or during the process of logging-off, and also within a user's account details to be accessed on demand. It maybe useful to include non web application events (e.g. mobile app password reset, a major event initiated by letter or the telephone call to the contact centre).

NB: The key concept here is notification of events to users.