The increasing interest arising around the field of security becomes a pragmatic issue when we consider the behavior of the employees of large organizations involved in critical infrastructures. As a matter of common knowledge, the human factor is the weakest link in the security chain. This introduces the topic of the security awareness of employees in large organizations. In this paper, we describe the results of a survey designed and delivered to large organizations in Europe, to understand how the topic of security is perceived and implemented and which are the security awareness initiatives held by organizations to instruct their employees. Moreover, we evaluate 23 methods to increase the security awareness, on the basis of several indicators describing their effectiveness, cost, implementation time, and other relevant aspects, to emphasize their pros and cons and their areas of applicability. Finally, we describe a tool developed to support the design of a security awareness campaign respecting the constraints imposed by the needs of each organization.