Mark is responsible for the execution of his organization’s security awareness program. Why might he deploy multiple training methods like workshops, online training, and simulations as part of the training?

Organizations often use multiple formats for awareness training to address learning preferences and styles. Compliance requirements typically do not specify how awareness is accomplished, just that it has occurred and can be validated. Multiple modes of training tend to increase costs rather than decreasing them, and KPIs for security awareness look at impact, not modes.