ABSTRACTThe ultimate aim of security is to retain a resource of value at a nominated state. Whether preserving the availability of a bank balance, ensuring personal safety, preserving the confidentiality of information in a database, or safeguarding the integrity of a territorial border, the aim of security is to maintain the nominated state of a designated resource. For that state to be maintained in the presence of agile threats, the security system must be equally agile. Such agility requires a framework of agile system components with well‐known interactions and the application of agile governance procedures. Yet, despite security methods proposed by many national governments, standards organisations, think tanks, academics and commentators, none of those methods achieved a lasting impact. Part of the reason for this is that current methods use or rely upon terminology that is confusing, inconsistent, incomplete, or contains language that is specific to the physical, personnel, or electronic domains of security. Consequently, the current set of security terms and definitions provide little assistance in the design and application of security systems (Thompson et al. 2012) and do little to provide the firm base necessary for agile security systems that must survive in an environment of uncertainty, unpredictability, and evolution. This paper presents a security framework based on a harmonised taxonomy of security, resilience and governance (Thompson et al. 2102, 2015) that is applicable across the physical, personnel, and electronic domains. The utility of the framework is then demonstrated for the design of sustainably secure systems.