Critical infrastructures today are highly interdependent and increasingly important in providing services to the rest of the society. At the same time, each type of infrastructure requires specialised knowledge to design and manage. Therefore, to get a better understanding of how the infrastructures and the effect of interdependencies work as a whole, it is necessary to have an interdisciplinary approach to Critical Infrastructure Protection (CIP). We have identified two research fields with high potential for synergies with the CIP field, namely Geographical Information Science (GIScience) and Risk Governance (RG). GIScience is a mature research field which encompasses, for example, spatial data collection, spatial statistics, theories of spatial data and data structures. RG is a relatively young field which focuses on how several stakeholders can manage shared risks, for example, the effect of interdependencies, together. Other researchers have also expressed a potential for synergies in combining these areas. This study reviews scientific literature that integrates either GIScience or RG in a CIP context, or preferably all three fields simultaneously. The review was carried out based on a scoping study methodology. Preliminary results from the study show that GIScience is used to perform a variety of tasks within a CIP-context such as data collection, information management, both supporting and performing modelling and simulation, hazard mapping, vulnerability mapping or visualisation of data. Most GIScience-related articles are closer related to risk management or disaster risk reduction, and only a few combine it also slightly with an RG perspective. An interesting finding is that quite a few articles consider national geographical information databases as critical infrastructures by themselves. Another observation is that GIS is often used in combination with network theory, either to perform analysis directly in GIS software or as a pre- or post-processor for network analysis. The RG and CIP articles seem to focus on the need for a shift from risk management to risk governance within CIP. However, they remain limited to a conceptual level. We found several useful examples of combining GIScience or RG with CIP in the gathered material, although we did not find any articles that integrated all three fields as we see it. We conclude that there seem to be significant benefits and research opportunities in more closely and coherently integrating GIScience and RG approaches and methods to address research problems within the CIP-field.