Social Engineering Threats in Business Communication and the Effectiveness of Information Security Policies in Modern Organizations
DOI: https://doi.org/10.63217/orasi.v2i2.263
Keywords: social engineering, information security, business communication, security policy, ISO/IEC 27001, security awareness, modern organizations
Abstract
This study examines social engineering as a major threat to business communication in the digital era and evaluates the effectiveness of ISO/IEC 27001–based information security policies in Indonesia. Using a systematic literature review of 50 sources published between 2015 and 2024, the research analyzes patterns and impacts of social engineering attacks on organizational information security. The findings indicate that most Indonesian businesses have been targeted by such attacks, with phishing and smishing being the most prevalent techniques, and digital business communication serving as the primary target. Although ISO/IEC 27001 has been widely adopted, the overall level of information security maturity remains moderate, with human factors identified as the weakest element. The study concludes that effective information security policies require the integration of technical, managerial, and organizational culture aspects, and recommends strengthening security awareness programs, continuous training, and adaptive policies to enhance organizational resilience against evolving social engineering threats.