The identification of what constitute the Danish critical information infrastructure is currently vague and inconsistent strategically, tactically and operationally. This master study aims to fill a knowledge gap with a novel framework of CIIP governance by mapping the current systems of governance of the Danish critical information infrastructure protection by using a novel multi-scale system identification analysis. In addition, the study presents a bibliometric analysis that reviews current peer-reviewed and grey literature of alternative governance approaches and critical information infrastructure to examine the state-of-the-art practice. By evaluating the system from the perspective of the single-hazard, multi-hazard and all-hazard approaches the research discusses challenges of horizontal coordination and vertical integration with consideration of prioritisation and identification of criticality. Finally, the research suggests adopting an adaptive risk governance approach including a governmental organisation that prioritises critical information infrastructure protection at ministerial level as well as organising a horizontal coordination by identifying the criticality across existing sectors.