As information and communication technologies are empowered in organizations, they are also victims of attacks in cyberspace, generating the need to protect the most important asset, information. For this reason, it is important to develop the 'HOGO' reference framework based on the good practices of ISO 27002 and the security controls of ISO 27032 for cybersecurity in SMEs. The results of the research show the benefits of the implementation of the reference framework 'HOGO' in SMEs, applying good practices related to internet security, critical infrastructures for information, network security, and information security.