Certified Information Systems Auditor (CISA) — Question 121
Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?
Answer options
- A. Blocking external IM traffic
- B. Blocking attachments in IM
- C. Allowing only corporate IM solutions
- D. Encrypting IM traffic
Correct answer: B
Explanation
Blocking attachments in IM is the best control because attachments often carry malware. Blocking external IM traffic or allowing only corporate IM solutions can help, but neither directly addresses the specific risk posed by attachments. Encrypting IM traffic is important for security, but it does not effectively mitigate malware risk.