Good information security standards should:
A. define precise and unambiguous allowable limits.
B. describe the process for communicating violations.
C. address high-level objectives of the organization.
D. be updated frequently as new software is released.
Explanation: A security standard should clearly state what is allowable; it should not change frequently. The process for communicating violations would be addressed by a security procedure, not a standard. High-level objectives of an organization would normally be addressed in a security policy.