Certified Information Security Manager (CISM) — Question 961

Which of the following is the MOST effective control to prevent proliferation of shadow IT?

Answer options

• A. Implement a software allow list.
• B. Conduct periodic vulnerability scanning.
• C. Install a solution to detect unlicensed software.
• D. Conduct software audits.

Correct answer: A

Explanation

Implementing a software allow list is the most effective control because it ensures that only approved applications are used, thereby reducing the risk of shadow IT. The other options, while useful for security purposes, do not directly prevent users from using unauthorized software, which is the core issue of shadow IT.