The main objective of the IS2ME method is the rapid reduction of the information security risk taken by the organization. Within this framework, technical and organizational measures will be implemented in stages as part of a defined project. Its final aims are twofold: binding security to the usual operations of the organization, just as any other requirement of the business processes, while simultaneously obtaining short-term results that identify the current state of security, the tasks needed to increase it and the action plan for its implementation.

In addition, a prerequisite for the development of these steps is compliance with applicable standards. The objective of IS2ME is not to develop a new standard of information security management, but to bring SMEs closer to their target standards. To do this, clearly defined steps that are easily assessed and provide immediate benefits and results on the improvement of security levels establish the grounds for a more detailed development. It is at that point that Information Security Management Systems may be implemented according to existing normative frameworks, if desired.

To achieve these objectives, security needs to be considered not only at an abstract and general level, but also in detailed technical and organizational measures. Organizational issues such as organizational structure, existing roles, defined responsibilities or information flow will be studied, as well as technical issues such as services topology and architecture, networks, systems and communications, existing security devices or vulnerability assessments.