The traditional definition of information security has been something like the protection of the confidentiality, integrity, availability, authenticity, possession, utility and no-repudiation of our information assets.
How about a new way of thinking about information security:
Getting the right information to the right entity at the right time in the right context to take the right action.
Seems like it encompasses all of the original definition.
Better yet, it’s not so esoteric, sounds much more aligned to the business and it’s all about enablement which ultimately is what information security is supposed to do…