The core concept of security is about protection. To be specific, security in discussion has to consider 1) what to protect, 2) why to protect, 3) how to protect, and 4) to what extent. Given the key points above, I define security as follows:

The intended outcome is the goal of security. Assets are anything of value worthy of protection. Information is one of the most critical assets in cybersecurity. Confidentiality, integrity, and availability are the objectives of information security. Implementing protective services aims to manage risk by applying security controls to achieve security objectives.