The following factors should be involved in deciding on a delivery method for an organization’s security training-
The budget is crucial in deciding whether the training can be completely outsourced, completely in-house, or a hybrid.
- Material and topics
If the material and topics involved are sensitive and confidential in nature or of they involve access to private systems, then the organization will be forced to keep the training in-house.
- Medium of delivery
The training can be in-person or online, involving interactive web-portals, videos, audios, PowerPoint presentations etc. Depending on what is considered suitable for the organization, a decision can be made on the delivery of the training.
- Target group
If the target group is “all employees” a generic stock off-the-shelf training program may suffice. However, if the training is targeting niche group of employees based on their roles and access privileges, then a more specific and custom training program is required.
If in-house staff do not have the expertise to produce quality and effective training material it may be better for the organization to out-source their security training program.
The following are the different types of training delivery methods-
- Off-the-shelf training packages (on-prem or cloud-based)
Products like the SANS training program, Wombat Security Awareness
software, KnowBe4 Security Awareness Training offer training software
Pros: Industry-approved content; Comprehensive
Cons: Expensive; Basic version can be minimal and generic; may require hardware infrastructure
- Complete in-house training
Pros: Cost-effective; can be customized
Cons: The material may not necessarily be of the highest standards; time-consuming to create; hardware and infrastructure resources should be allocated and maintained
- Training consultant services (out-sourcing)
Pros: High quality expert content; can be as generic or specific as required
Cons: Very expensive
An organization can use a bit of each of the above types of delivery methods in their training program.
Pros: Highly customized; can be cost-effective if planned correctly
Cons: Involves personnel dedicated to managing the various modules and ensuring that the goals are met. Can get complex and may not blend with each other.