CISM Certified Information Security Manager – Question 1086

Good information security standards should:

A. define precise and unambiguous allowable limits.
B. describe the process for communicating violations.
C. address high-level objectives of the organization.
D. be updated frequently as new software is released.

Correct Answer: A

Explanation:
A security standard should clearly state what is allowable; it should not change frequently. The process for communicating violations would be addressed by a security procedure, not a standard. High-level objectives of an organization would normally be addressed in a security policy.