What factors should be involved in deciding on a delivery method for an organization’s security training?

The following factors should be involved in deciding on a delivery method for an organization’s security training-

  • Budget

The budget is crucial in deciding whether the training can be completely outsourced, completely in-house, or a hybrid.

  • Material and topics

If the material and topics involved are sensitive and confidential in nature or of they involve access to private systems, then the organization will be forced to keep the training in-house.

  • Medium of delivery

The training can be in-person or online, involving interactive web-portals, videos, audios, PowerPoint presentations etc. Depending on what is considered suitable for the organization, a decision can be made on the delivery of the training.

  • Target group

If the target group is “all employees” a generic stock off-the-shelf training program may suffice. However, if the training is targeting niche group of employees based on their roles and access privileges, then a more specific and custom training program is required.

  • Expertise

If in-house staff do not have the expertise to produce quality and effective training material it may be better for the organization to out-source their security training program.

The following are the different types of training delivery methods-

  • Off-the-shelf training packages (on-prem or cloud-based)

Products like the SANS training program, Wombat Security Awareness software, KnowBe4 Security Awareness Training offer training software solutions.
Pros: Industry-approved content; Comprehensive

Cons: Expensive; Basic version can be minimal and generic; may require hardware infrastructure

  • Complete in-house training
    Pros: Cost-effective; can be customized
    Cons: The material may not necessarily be of the highest standards; time-consuming to create; hardware and infrastructure resources should be allocated and maintained
  • Training consultant services (out-sourcing)
    Pros: High quality expert content; can be as generic or specific as required

Cons: Very expensive

  • Hybrid
    An organization can use a bit of each of the above types of delivery methods in their training program.
    Pros: Highly customized; can be cost-effective if planned correctly
    Cons: Involves personnel dedicated to managing the various modules and ensuring that the goals are met. Can get complex and may not blend with each other.