Security is increasingly important in modern distributed information systems. Distributed Information Systems (DISs) are free and open systems, characterized by their non-locality. Security for DIS is a higher order activity, related to issues as data integrity and interoperability among complex heterogeneous systems. This proposed holistic security approach requires category theory. Security entities and distributed activities e.g. distributed transactions, in a DIS, are expressed as Cartesian Closed Categories and adjoint functors between them, following a four-level modular approach.