Good information security procedures should:
A.
define the allowable limits of behavior.
B.
underline the importance of security governance.
C.
describe security baselines for each platform.
D.
be updated frequently as new software is released.
Explanation:
Security procedures often have to change frequently to keep up with changes in software. Since a
procedure is a how-to document, it must be kept up-to-date with frequent changes in software. A
security standard such as platform baselines—defines behavioral limits, not the how-to process; it
should not change frequently. High-level objectives of an organization, such as security
governance, would normally be addressed in a security policy.