Which of the following requires authorization from management before altering?

Authorization from management is essential when altering anti-virus mechanisms due to the critical role these systems play in protecting an organization’s digital assets. Anti-virus solutions are designed to detect, prevent, and remove malicious software that could pose significant threats to the integrity, confidentiality, and availability of information systems.

Modifications to anti-virus settings could inadvertently expose the organization to higher risks, such as allowing harmful software to infiltrate the network or decreasing the overall effectiveness of the protection. Therefore, it is important to have management approval to ensure that changes align with organizational security policies, industry best practices, and compliance requirements. This approach helps maintain a robust security posture while minimizing the potential for security breaches.

In contrast, while network configurations, user IDs, and data retention policies also require careful management and oversight, they may not always demand explicit management approval for every change. For instance, routine adjustments to user IDs or standard updates to network configurations might fall under the purview of IT staff without needing higher-level authorization, particularly if following established protocols. Data retention policies are generally set at strategic levels and involve different governance considerations but may not involve immediate, day-to-day operational changes like those seen with anti-virus mechanisms.