“…Thus, the works that describe a great variety of factors of organizational type are incipient and with a predominant qualitative analysis. These factors are business size, sector, information security policy, information security education, training, culture, behavior and compliance with security policy, awaraness, knowledge, visibility (Flores et al, 2014;Singh et al, 2014;Cram et al, 2017;Doherty and Tajuddin, 2018). The literature highlights the need to advance in the field of knowledge not only describing but also organizing the factors and analysing in an empirical way the effect they have on the performance of information security management.…”