I struggle to define "secure" in the context of information systems. The best I can do is that "An object is secure if it behaves according to our expectations." This opens up a lot of questions. One problem is that my definition makes security subjective. This is logically OK, and it doesn't conflict with any of our intuitions. Also, there is the distinction between "functional" and "secure." If the function of the object is fully specified, then functional correctness entails security. However that is rarely the case. Denial of service is considered a security issue. But denial of service is really just a breakdown in functionality.