To address current difficulties of SMEs that are reluctant to invest in information security due to cost, this paper intends to provide an information security guideline that will allow SMEs to adopt cost efficient security measures. In particular, the information security guideline categorizes SMEs by their informatization level, presents an architecture for determining the level of security required for protecting information assets, such as PC, server, network and data, for each level, and provides cost effective information protection measures accordingly. Keywords : Information Security, Guideline, SMEs, Level of Informatization, Security level