Delivery method

There are three principle methods of delivery for the security awareness message: Web-based, offline, and instructor led. Web-based delivery is the best way for most distributed organizations to reach all employees. Multi-purpose authoring tools enable customized messages, delivered by PowerPoint and enhanced with audio. They also allow integration of quizzes and tracking of participation. Placing an awareness presentation on the company Intranet, with participation tracking enabled, is a good way to reach everyone. It’s also a good way of demonstrating awareness efforts to auditors.

Offline awareness presentations are provided for those employees without high speed access to the Intranet. However, special delivery packages are not usually needed if multi-purpose tools are used. For example, the training modules on my site are available for either online viewing or for download. I could also choose to distribute them via CD-ROM.



Instructor led training is typically not necessary for initial awareness delivery. The content should be high-level, easy to understand, and applicable to every participant. It’s usually appropriate to reserve classroom training for in-depth training of targeted audiences.


Regardless of the delivery method, it’s important to validate everyone participates. Leaving pockets of employees unaware of the importance of security and how their actions affect system assurance is like leaving one or more windows open on a locked house.