Over the past half a century, organizations have implemented information systems for managing their business processes. These information systems have now evolved into what are more commonly known as enterprise information systems. An important facet of implementing an enterprise information system in an organization is the development of security related issues within the information system for the business processes. In this paper, we review the relevant literature related to the security policies that are associated with the use of enterprise information systems within organizations. Based on this literature review, we identify four major issues which are security policy documentation, employee awareness, top management support, and access control. A conceptual framework based on these four issues is then presented within the context of corporate governance for the security of the enterprise information systems. We conclude our work with the future direction for this research.