E-Commerce assignment..?
Posted by admin | Under Online Grocer | Friday Apr 9, 2010

Assume you have been asked to serve as a consultant for a local grocer interested in launching an online business on the Internet. Develop a security plan that can be incorporated as part of the technical infrastructure… Can anyone help me with this?
There are many elements of a security plan for a business like this. Here are a couple of key points that can be areas of focus for you:
1. Restrict administrative access to web and back-end application, mid-range, and database servers with password protection, Access Control Lists (ACLs), and other measures. Enable services only when required.
2. Segment web server infrastructure from other internal assets like databases, mail servers, LAN hardware, etc. Utilize a DMZ architecture and permit port 80/443 access to this network zone only.
3. Implement perimeter security measures like firewalls and intrusion detection/prevention platforms.
4. E-business is useless if the services are unavailable or slow. Plan for high availability by implementing redundant systems with no single point of failure. Web server load balancers and redundant infrastructure items are important components of this strategy.
5. Encryption (via SSL/HTTPS) is a key measure for the protection of the clients of this business.
6. Retain all device and server logs. These will assist in troubleshooting, event or intrusion investigation, and in audits.
7. Implement a patch testing and deployment procedure to limit vulnerabilities in server and device operating systems.
There is certainly a lot more to this, but this should give you a little to start with.
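One way to make points 1 and 2 of the answer concrete before touching a firewall: an added Python model (not from the original answer) of a first-match, default-deny zone policy in which the Internet reaches the DMZ only on 80/443, the DMZ reaches the internal network only on the database port, and administrative SSH is accepted only from one internal jump host. The address ranges, ports and the jump host address are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (assumption): documentation/private ranges, not real hosts.
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}
ADMIN_HOST = ipaddress.ip_address("10.0.1.5")  # constructed jump host


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dport: Optional[int]                # None matches any destination port
    action: str                         # "allow" or "deny"
    src_host: Optional[ipaddress.IPv4Address] = None  # restrict to one source


# First-match rule set; anything not listed falls through to the default deny.
RULES = [
    Rule("internet", "dmz", 80, "allow"),                       # public web
    Rule("internet", "dmz", 443, "allow"),                      # public HTTPS
    Rule("dmz", "internal", 5432, "allow"),                     # web tier -> DB only
    Rule("internal", "dmz", 22, "allow", src_host=ADMIN_HOST),  # admin from jump host
]


def zone_of(ip: str) -> str:
    """Return the most specific zone containing ip (longest prefix wins)."""
    addr = ipaddress.ip_address(ip)
    for name, net in sorted(ZONES.items(), key=lambda kv: kv[1].prefixlen, reverse=True):
        if addr in net:
            return name
    raise ValueError(f"no zone for {ip}")


def evaluate(src_ip: str, dst_ip: str, dport: int) -> str:
    """Decide a flow src_ip -> dst_ip:dport; first matching rule wins, else deny."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    src_addr = ipaddress.ip_address(src_ip)
    for r in RULES:
        if (r.src_zone, r.dst_zone) != (src, dst):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.src_host is not None and r.src_host != src_addr:
            continue
        return r.action
    return "deny"  # default deny: no rule matched
```

Running flows such as `evaluate("203.0.113.7", "10.0.5.20", 5432)` shows the Internet cannot reach the database tier directly, while the DMZ web host can.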