Certified Information Systems Auditor (CISA) — Question 1187

Which of the following is an example of shadow IT?

Answer options

• A. An employee using a cloud-based order management tool without approval from IT
• B. An employee using a company-provided laptop to access personal banking information
• C. An employee using personal email to communicate with clients without approval from IT
• D. An employee using a company-provided tablet to access social media during work hours

Correct answer: A

Explanation

The correct answer, A, refers to the use of a cloud-based tool without IT's consent, which is the essence of shadow IT. Options B, C, and D involve using company devices for personal activities, but they do not represent the unauthorized use of technology resources that shadow IT encompasses.