Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey

The aims of the study were to examine enterprise information security in small and medium-sized enterprises (SMEs) in Bursa, Turkey and to compare the results with similar data gathered from different countries. This study was conducted through questionnaires consisting of 49 questions grouped into 9 sections. The questionnaires were delivered to 97 SMEs in Bursa, Turkey. The companies have been operating for 15.93 ± 11.67 (2–54) years. The number of PCs in the companies and their years of use were in the ranges of 53.51 ± 64.88 (2–240) and 12.47 ± 6.32 (1–30) years, respectively. According to the findings of this study, it can be speculated that when Communications and Operations Management and security policy improve, other security parameters in the companies, such as Organizational, Personnel and Physical and Environmental Securities improve as well. In addition, the results have shown that Turkish companies do not attach as much importance to information technology security as their counterpart companies from different countries do.

Research highlights▶ Turkish companies do not attach as much importance to information technology security. ▶ Security policies are generally applied by enterprises with no reference to agreed standards. ▶ When Communications and Operations Management and Security Policy improve, other security parameters improve as well.