Due to the global pandemic that was experienced in 2020, the Small and Medium Enterprises (SMEs) sector in Peru chose to store all their information in cloud services. However, a 2021 Kaspersky study indicates that SMBs have few resources to implement security solutions to protect their information. For this reason, this article proposes a cybersecurity framework composed of controls from ISO/IEC 27001 and the Cybersecurity Framework (CSF) of the National Institute of Standards and Technology (NIST) to mitigate cyber-threats against SMEs in Peru. The framework consists of 7 steps having as reference the Deming cycle (PDCA). For the implementation of the composite framework, we worked with 12 domains and 40 controls for a Peruvian SME in the technology sector. The results showed an increase in cybersecurity of 40 %, after applying the 40 controls, improving its level of maturity from the ...