The aims of the study were to examine enterprise information security in small and medium-sized enterprises (SMEs) in Bursa, Turkey and to compare the results with similar data gathered from different countries. This study was conducted through questionnaires consisting of 49 questions grouped into 9 sections. The questionnaires were delivered to 97 SMEs in Bursa, Turkey. The companies have been operating for 15.93 +/- 11.67 (2-54) years. The number of PCs in the companies and their years of use were in the ranges of 53.51 +/- 64.88(2-240) and 12.47 +/- 6.32(1-30) years, respectively. According to the findings of this study, it can be speculated that when Communications and Operations Management and security policy improve, other security parameters in the companies, such as Organizational. Personnel and Physical and Environmental Securities improve as well. In addition, the results have shown that Turkish companies do not attach as much importance to information technology security as their counterpart companies from different countries do. (C) 2010 Elsevier Ltd. All rights reserved.