TY - JOUR AB - Purpose This paper aims to review the information security governance (ISG) literature and emphasises the tensions that exist at the intersection of the rapidly changing business climate and the current body of knowledge on ISG.Design/methodology/approach The intention of the authors was to conduct a systematic literature review. However, owing to limited empirical papers in ISG research, this paper is more conceptually organised.Findings This paper shows that security has shifted from a narrow-focused isolated issue towards a strategic business issue with “from the basement to the boardroom” implications. The key takeaway is that protecting the organisation is important, but organizations must also develop strategies to ensure resilient businesses to take advantage of the opportunities that digitalization can bring.Research limitations/implications The concept of DSG is a new research territory that addresses the limitations and gaps of traditional ISG approaches in a digital context. To this extent, organisational theories are suggested to help build knowledge that offers a deeper understanding than that provided by the too often used practical approaches in ISG research.Practical implications This paper supports practitioners and decision makers by providing a deeper understanding of how organisations and their security approaches are actually affected by digitalisation.Social implications This paper helps individuals to understand that they have increasing rights with regard to privacy and security and a say in what parties they assign business to.Originality/value This paper makes a novel contribution to ISG research. To the authors’ knowledge, this is the first attempt to review and structure the ISG literature. VL - 28 IS - 2 SN - 2056-4961 DO - 10.1108/ICS-02-2019-0033 UR - https://doi.org/10.1108/ICS-02-2019-0033 AU - Schinagl Stef AU - Shahim Abbas PY - 2020 Y1 - 2020/01/01 TI - What do we know about information security governance? “From the basement to the boardroom”: towards digital security governance T2 - Information & Computer Security PB - Emerald Publishing Limited SP - 261 EP - 292 Y2 - 2024/04/24 ER -