Good information security procedures should:
A.
define the allowable limits of behavior.
B.
underline the importance of security governance.
C.
describe security baselines for each platform.
D.
be updated frequently as new software is released.
Explanation:
Security procedures often have to change frequently to keep up with changes in software. Since a procedure is a how-to document, it must be kept up-to-date with frequent changes in software. A security standard such as platform baselines — defines behavioral limits, not the how-to process; it should not change frequently. Highlevel objectives of an organization, such as security governance, would normally be addressed in a security policy.