This study examines social engineering as a major threat to business communication in the digital era and evaluates the effectiveness of ISO/IEC 27001–based information security policies in Indonesia. Using a systematic literature review of 50 sources published between 2015 and 2024, the research analyzes patterns and impacts of social engineering attacks on organizational information security. The findings indicate that most Indonesian businesses have been targeted by such attacks, with phishing and smishing being the most prevalent techniques, and digital business communication serving as the primary target. Although ISO/IEC 27001 has been widely adopted, the overall level of information security maturity remains moderate, with human factors identified as the weakest element. The study concludes that effective information security policies require the integration of technical, managerial, and organizational culture aspects, and recommends strengthening security awareness programs, continuous training, and adaptive policies to enhance organizational resilience against evolving social engineering threats.
Copyright © 2025