As a cybersecurity analyst, you notice an application running on multiple employee workstations that has not been approved by the IT department. What is the most appropriate first step to take in this situation?
Conduct an inventory of the software to understand its scope and potential impact.
Notify management and wait for further instructions.
Block the application from accessing the network.
Remove the software from the affected workstations.