Website and Software Security Plan

The content of this assignment covers these:
– Creational Patterns.
– Structural Patterns.
– Behavioural Patterns.
– Architectural Patterns.
Do you have solid knowledge about these?
Work needed:
Need a website and software security plan. The plan should include how to secure our software and website against hacking, how to keep information safe, encryption, etc. The plan should also answer 11 questions regarding security and data management (listed below).

About the business:
The business is a small money transfer business that keeps customer information and sends transfer information to a third party, which returns a reference number to the software. The software then sends the reference number to the customer's phone number as a text message.

Systems:
– Website, programmed in PHP (hosted with Bluehost), that takes customers' information (sometimes payments as well) and sends the information to the Software.
– Software (Visual Basic, hosted on AWS), which collects the information (calculates the fees, stores expenses, etc.) and transmits the customers' information and the amount to a third-party business (to pay out the receiving customer).
– Third-party system (does not belong to the business), which sends the Software a reference number; the Software then sends a text message with the reference number to the sender.

The plan needs to address all risks and include a plan to prevent any security issue. It also needs to answer the following questions:

Security:
1. How do you identify your threats and vulnerabilities?
2. What risks have you identified, and what is your plan for mitigating each of them?
3. What process (if any) do you have in place to identify, resolve and record security incidents?
4. Have you conducted any penetration tests, tested for SQL injection vulnerabilities, or equipped yourself to thwart DoS/DDoS attacks? If not, at what stage will you?

Information Management:
1. What kind of database do you use, and where is it hosted?
2. What methods of encryption do you have on your stored data?
3. What methods of encryption do you have on your data while it's in transit?
4. What data do you store in your databases? (API keys, ETH private keys, passwords, SSNs, etc.)
5. What data do you store in your logs? (API keys, ETH private keys, passwords, SSNs, etc.)
6. What data is encrypted at the column level?
7. How do you ensure that data is disposed of properly? (Specify for each data source identified above)