This paper aims to review the information security governance (ISG) literature and emphasises the tensions that exist at the intersection of the rapidly changing business climate and the current body of knowledge on ISG.
The intention of the authors was to conduct a systematic literature review. However, owing to limited empirical papers in ISG research, this paper is more conceptually organised.
This paper shows that security has shifted from a narrow-focused isolated issue towards a strategic business issue with “from the basement to the boardroom” implications. The key takeaway is that protecting the organisation is important, but organizations must also develop strategies to ensure resilient businesses to take advantage of the opportunities that digitalization can bring.
The concept of DSG is a new research territory that addresses the limitations and gaps of traditional ISG approaches in a digital context. To this extent, organisational theories are suggested to help build knowledge that offers a deeper understanding than that provided by the too often used practical approaches in ISG research.
This paper supports practitioners and decision makers by providing a deeper understanding of how organisations and their security approaches are actually affected by digitalisation.