Organizations are increasingly digitizing their business models to complement or even replace physical contact with customers and suppliers. With this shift online comes an increase in information security attacks, which are occurring more frequently due to the increased attack surface, vulnerabilities in security controls, and a target-rich environment. Organizations prevent attacks however some attacks are still successful and result in security incidents that degrade operations. When an organization is successfully breached, the organization must respond to the incident as quickly as possible to ensure continued operations and business resilience. However, guidance is lacking for governance of the response function. In a thematic review, we find good governance plays a key role in smooth and efficient incident response and this paper extends knowledge about governance of information security incident response by identifying key governance concepts that improve incident response efforts within organizations.