An Integrated Information Security Governance Model for Hyperconnected IoT Ecosystems; Unified Resilient Security Governance Model (URSGM)

Hyperconnected IoT ecosystems have become crucial for organizational operations; yet, existing governance structures remain fragmented, are technology-centric, and not well-equipped to manage the risks, compliance pressures, and resilience needs of IoT. This paper presents an integrated, theory-based information security governance model that is tailored for IoT-driven organizations. A conceptual synthesis is performed through integrating five theoretical anchors: governance theory, socio-technical systems theory, risk governance theory, institutional/compliance theory, and resilience/adaptive capacity theory. These theoretical lenses are used to derive essential governance constructs and to develop a modular architecture tailored to IoT security needs. The model’s validity is grounded in theoretical integration rather than empirical testing, consistent with the nature of conceptual research. The integrated model provides six interdependent governance dimensions: strategic governance, operational governance, technical oversight, compliance alignment, risk governance, and resilience/adaptation, anchored by an ecosystem coordination layer. It provides structured decision rights, continuous risk monitoring, regulatory legitimacy, and native adaptive capabilities toward dynamic cyber-physical threats. This research addresses a known gap in the literature on IoT governance by providing an integrated, theoretically validated governance model that systematically connects the rationale and operational mechanisms of governance for resilient, future-proof IoT adoption. The model is further operationalized through a five-level maturity structure, enabling organizations to assess and progressively enhance governance capabilities.