Currently, around 6 billion fake emails are sent around the world, resulting in data leakage losses of approximately 3 million per violated company, despite this, SMEs have reduced their budgets for security, thus being exposed to various threats. The security architectures that support companies are aimed at large organizations that have the resources to implement them, the opposite situation occurs with SMEs. This work proposes a security architecture for the protection of digital assets in SMEs, which seeks to increase the levels of effectiveness in defense mechanisms through the deployment of effective controls. The architecture is based on OSA concepts and SABSA methodology, and considers the contextual and conceptual, logical and physical layers adapted to SME. Also, consider a toolkit to support the controls. Finally, a simulation of the use of architecture for a company is carried out, thus achieving an increase in the security level from 34.90% to 67.86%.