According to the statistics of ICST in 2006, there are about 108 companies that have been attacked more than 6 times among the 600 companies surveyed. Information Security was regarded as a technical issue, and not considered as a managing one. Therefore, the study is trying to find out the reasons which result the highly frequent happening of information security breach, they may be caused by short participation of Board of Directors or shortage of relevant legislation, and find the answers which can help the organization prevent or decrease the situation. The author of the study has participated in the research plan, which is about ISG of public and private sectors. The study focuses on the maturity of ISG of domestic enterprises. Through the case study, we try to realize the situation of information security governance of private sectors. The research method of the study is multi-case study. We try to discuss the maturity of ISG of private sectors. We also use indepth interview to understand the problems of conducting ISG. The results of the study show as following. First, the boards and senior executives do not think ISG which is necesarry. Second, the employees who are responsible for ISG don't fully understand what they are supposed to do. Third, we are lack of external incentives and pressures such as regulations. Finally, we are lack of the consultation and assistance of practices of conducting ISG.