Open
Description
Because we are dealing with sensitive and legal information it behooves us.
Incident response and event reporting need to have anonymous channels installed and public plans for handling any security issue need to be drafted up. There should also be some future goals and a threat model made, one goal will be an anomaly detection system and another is proper logging. NIST is a good start for discovering standards in cybersecurity.