Lately the corporate world has become aware of the need to incorporate security into the organizations. This task is hard and nontrivial, but fortunately there are methodologies that facilitate this process. However, most of the times, these methodologies take for granted that organizations have an information security section, the necessary resources and experience on this field, which is not the case in most organizations.

The authors believe that IS2ME fills a gap in the implementation of security in small and medium enterprises. Unlike traditional methodologies, IS2ME delivers immediate results with a reasonable use of resources. These results mean an immediate reduction of the risk faced by the organization, the solution of a large amount of organizational and technical problems, and a solid foundation of security measures for a full implementation of an Information Security Management System.