© 2020 Elsevier Ltd Information security is a critical aspect and plays a significant role in protecting an organization's business. Organizations are required to safeguard their information and assets to sustain their value and reputation. The systematic literature review presented in this paper aims to introduce information security governance as a comprehensive solution for alignment between information security policies and the organization's objectives. The review identified the need for developing a holistic framework for the information security governance that (1) connects the organization's objectives and its protection, (2) addresses each aspect of strategy, control, and regulation, (3) ensures compliance of procedures and guideline with policies, and (4) ensures continuous evaluation and compliance. The analysis of the literature revealed the main challenges to the adoption of an information security governance program. The review identified seven information security governance domains with 27 critical success that should be considered when developing an effective information security governance framework.