CISM Certified Information Security Manager – Question1087 - CISM Certified Information Security Manager

Good information security procedures should:

A. define the allowable limits of behavior.
B. underline the importance of security governance.
C. describe security baselines for each platform.
D. be updated frequently as new software is released.

Correct Answer: D

Explanation:

Explanation:
Security procedures often have to change frequently to keep up with changes in software. Since a procedure is a how-to document, it must be kept up-to-date with frequent changes in software. A security standard such as platform baselines — defines behavioral limits, not the how-to process; it should not change frequently. High-level objectives of an organization, such as security governance, would normally be addressed in a security policy.