Information Security Governance Challenges and Critical Success Factors: Systematic Review
Computers & Security (IF 5.6), Pub Date: 2020-12-01, DOI: 10.1016/j.cose.2020.102030
Sultan AlGhamdi, Khin Than Win, Elena Vlahu-Gjorgievska

Abstract: Information security is a critical aspect and plays a significant role in protecting an organization's business. Organizations are required to safeguard their information and assets to sustain their value and reputation. The systematic literature review presented in this paper aims to introduce information security governance as a comprehensive solution for alignment between information security policies and the organization's objectives. The review identified the need for developing a holistic framework for information security governance that (1) connects the organization's objectives and its protection, (2) addresses each aspect of strategy, control, and regulation, (3) ensures compliance of procedures and guidelines with policies, and (4) ensures continuous evaluation and compliance. The analysis of the literature revealed the main challenges to the adoption of an information security governance program. The review identified seven information security governance domains with 27 critical success factors that should be considered when developing an effective information security governance framework.

Updated: 2020-12-01