The Scenario for Information Security Management Assessment Tasks ABD Pty Ltd. is a subcontractor of three health insurance companies in Australia. ABD has four offices located in Sydney (head office), Melbourne, Perth and Brisbane. When the insurance companies receive a health insurance application, then they pass the application to ABD and ABD assesses those applications by reviewing the medical history of the applicants, and accordingly determines the health insurance scheme. In order to do so, ABD pursue written consent from the applicants to access and retrieve their medical history from clinics and hospitals from different places of Australia. The collected medical reports are stored in ABD's database and archived for future reference. ABD has different teams such as medical report retrieval (MRR) team who collect the medical history from the clinics and hospitals; medical team consist of few registered nurses and doctors who analyse the medical history and make reports; Decision making team who determine the suitable health insurance scheme for depending on the medical history; Human resource team who look after the employees and IT team who deals with database management, in-house software development, IT security, information security and privacy etc. ABD has around 500 employees working on a full-time and part-time basis and the employees allowed to work from home using their organisational laptop and VPN (virtual private network) connections. Staff among different teams need to regularly communicate with each other through an internal network. Each location also provides free wireless LAN access to the customers/visitors. Some of the insurance companies have raised concern to ABD about the security and privacy of the data collected and stored in ABD. Hence, the Chief Information Officer (CIO) and Chief Information security Officer (CISO) of ABD would like to revise and update (if needed) their information security program.