Good information security standards should:
A.
define precise and unambiguous allowable limits.
B.
describe the process for communicating violations.
C.
address high-level objectives of the organization.
D.
be updated frequently as new software is released.
Explanation:
A security standard should clearly state what is allowable; it should not change frequently. The
process for communicating violations would be addressed by a security procedure, not a standard.
High-level objectives of an organization would normally be addressed in a security policy.