Good information security standards should:

A. define precise and unambiguous allowable limits.

B. describe the process for communicating violations.

C. address high-level objectives of the organization.

D. be updated frequently as new software is released.

Explanation: A security standard should clearly state what is allowable; it should not change frequently. The process for communicating violations would be addressed by a security procedure, not a standard. High-level objectives of an organization would normally be addressed in a security policy.