Which of the following describes a software installation control measure?

The choice that correctly describes a software installation control measure is focused on the concept of whitelisting. Whitelisting involves creating an approved list of software that is permitted to be installed and used within an organization. This control measure is crucial for cybersecurity because it helps to prevent the installation of potentially harmful or unauthorized software that could introduce vulnerabilities or malicious code into a system. By only allowing software that has been pre-approved, organizations can maintain a more secure environment and reduce the risk of cyberattacks.

In the context of the other options, relying solely on software downloaded from the Internet does not inherently provide control over what is safe or approved, making it less effective. Allowing any purchased software fails to establish criteria for what is safe, posing risks since not all purchased software is secure or necessary for operations. Automatically installing updates, although important for security, does not address the fundamental issue of controlling which software may be installed in the first place. Thus, the focus on a whitelist approach effectively ensures that only vetted and safe software is utilized.