Management Framework
May 2023
Relevant milestones in Cybersecurity
“Ensure the stability of computer systems and in a security environment against attacks”
Perimeter Firewall, desirable with IPS and WAF module, for the security of applications and sites exposed to the Internet.
Email protection with anti-spam modules, configuration of DKIM and SPF records, and phishing protection, all available in the
Office 365 suite.
Hardening for servers and applications, databases, operating systems and 3rd party apps: a set of techniques, tools and best practices
to reduce vulnerabilities. Administration and enforcement of GPOs in AD for access accounts, application logins and event
logging.
Centralized Antivirus: desirable with EDR and application patching modules for vulnerability management of operating systems and
third party software.
MFA Remote Access Security, mandatory for administrators and optional for users.
The objective of the CIS controls is to contribute to making the Internet ecosystem more secure in Ultramar's
different companies. For this reason, the CIS controls are not a checklist, but rather a starting point for business units to
create their own cybersecurity ecosystem.
The CIS control implementation groups seek, precisely, to adapt this globally recognized methodology to the reality
and complexity of each of the Holding companies, thus banishing the idea that cybersecurity is only a matter for
large companies and public administrations.
In this sense, it is logical that the implementation of CIS controls should be carried out taking into account the
characteristics, needs and resources of each company, as well as its level of exposure to cyber-attacks.
Implementation Groups