T.-h. Kim et al. (Eds.): ISA 2011, CCIS 200, pp. 1–10, 2011. © Springer-Verlag Berlin Heidelberg 2011

Information Security Awareness Campaign: An Alternate Approach

Bilal Khan¹, Khaled S. Alghathbar¹,², and Muhammad Khurram Khan¹

¹ Center of Excellence in Information Assurance, King Saud University, Kingdom of Saudi Arabia
² Department of Information System, CCIS, King Saud University, Kingdom of Saudi Arabia
{Bilalkhan,Kalghathbar,mkhurram}@ksu.edu.sa

Abstract. The destruction due to computer security incidents warns organizations to adopt security measures. In addition to technological measures, individuals’ information security awareness is also necessary. Different psychological theories have been proposed to make an effective information security awareness campaign. These information security awareness campaigns are limited in their ability to raise the awareness of the campaign participants. Although much research has been done in the area of information security awareness, this paper considers the application of healthcare awareness and environmental awareness strategies to make an effective information security awareness campaign. In this paper, we study some of the useful research work conducted in the healthcare and environmental safety awareness domains. This research has been carried out by well-known researchers in the field of psychology. Finally, we apply these healthcare and environmental awareness best practices to propose an effective information security awareness campaign.

Keywords: information security awareness, healthcare, environmental, effective.

1 Introduction

Every day, new incidents such as data breaches, threats, risks, etc. are reported, and almost every time these incidents are due to human error and a lack of information security awareness. Many analysts claim that the human component of any information security framework is the weakest link.
Information is one of the resources that an organization is heavily dependent on. If the critical information of an organization is leaked, the organization can suffer serious consequences, e.g., in the form of loss of income, loss of customers’ trust, and maybe legal action. Therefore, information should be protected and secured. According to the Information Security Forum [9], information security awareness can be defined as the extent to which every member of staff understands the importance of information security, the levels of information security appropriate to the organization, their individual security responsibilities, and acts accordingly. Information security awareness has been defined in different ways; however, this definition establishes