Abstract
Nowadays data are considered most important capitals of an organization, playing a main role in it, in addition to their contribution to software equipmentsand buildings. Different enterprises have different security requirements and different security controls should be applied with respect to its requirements. To preserve data in terms of security as well as comprehensiveness, a great deal of efforts has been conducted. This study aims to investigate how information security in small- and medium-sized enterprises and organizations are managed in Iran and turkey and then compares the obtained results with similar data collected from Turkey. This study has been conducted through questionnaires completed by enterprises with a history of more than 10 years. The number of enterprises in the intended enterprises is between 7 to 90 ones. The result of the work has been compared with results from Turkey.