TINJAUAN LITERATUR SISTEMATIS BUDAYA KEAMANAN INFORMASI: DIMENSI, KERANGKA KERJA, DAN TANTANGAN DI SEKTOR PUBLIK

Authors

  • Ali Sofyan Abdulloh Institut Teknologi Sepuluh Nopember
  • Bambang Setiawan Institut Teknologi Sepuluh Nopember

DOI:

https://doi.org/10.31849/mpvz1430

Keywords:

Budaya Keamanan Informasi, Tinjauan Literatur Sistematis, Kerangka Kerja, Faktor Manusia, Sektor Publik

Abstract

Penerapan budaya keamanan informasi (ISC) yang positif merupakan cara efektif untuk meningkatkan perilaku dan praktik keamanan karyawan, serta mencegah ancaman siber yang masuk melalui faktor manusia. Namun, literatur yang ada saat ini masih menunjukkan inkonsistensi dalam definisi dan dimensi pembentuk ISC. Studi ini menyajikan Tinjauan Literatur Sistematis (SLR) menggunakan protokol PRISMA untuk menganalisis 27 artikel terpilih yang diterbitkan antara 2015 hingga bulan Oktober 2025. Hasil analisis mengidentifikasi pergeseran paradigma dari sekadar awareness menuju pendekatan berbasis perilaku, serta pentingnya faktor lunak (soft factor) seperti kepercayaan (trust). Meskipun studi sektor publik mendominasi secara global, ditemukan adanya urgensi spesifik bagi Indonesia yang hanya memiliki satu studi di konteks pemerintahan. Selain itu, temuan kunci menyoroti kesenjangan implementasi di sektor publik negara berkembang, yang ditandai dengan fenomena "Potemkin Village", di mana kebijakan formal gagal terinternalisasi akibat kendala budaya dan sumber daya. Guna menjembatani kesenjangan tersebut, tinjauan ini merekomendasikan penggunaan kerangka kerja komprehensif seperti STOPE atau ISCA, disertai strategi intervensi yang berfokus pada penguatan area subkultur yang masih lemah dalam lingkungan pemerintahan.

References

[1] AlHogail, A. (2015). Design and validation of information security culture framework. Computers in Human Behavior, 49, 567–575. doi.org/10.1016/j.chb.2015.03.054.

[2] Astakhova, L. V. (2020). Issues of the culture of information security under the conditions of the digital economy. Scientific and Technical Information Processing, 47(1), 56–64. doi.org/10.3103/S0147688220010062.

[3] Chen, Y. A. N., Ramamurthy, K., & Wen, K.-W. (2015). Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), 11–19. doi.org/10.1080/08874417.2015.11645767.

[4] Da Veiga, A. (2016). Comparing the information security culture of employees who had read the information security policy and those who had not: Illustrated through an empirical study. Information & Computer Security, 24(2), 139–151. doi.org/10.1108/ICS-12-2015-0048.

[5] Da Veiga, A., Astakhova, L. V, Botha, A., & Herselman, M. (2020). Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, 101713. doi.org/10.1016/j.cose.2020.101713.

[6] Da Veiga, A., & Martins, N. (2015). Improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, 162–176. doi.org/10.1016/j.cose.2014.12.006.

[7] Da Veiga, A., & Martins, N. (2017). Defining and identifying dominant information security cultures and subcultures. Computers & Security, 70, 72–94. doi.org/10.1016/j.cose.2017.05.002.

[8] Glaspie, Henry, "Assessment of Information Security Culture in Higher Education" (2018). Electronic Theses and Dissertations. 6009. https://stars.library.ucf.edu/etd/6009.

[9] Greig, A., Renaud, K., & Flowerday, S. (2015). An ethnographic study to assess the enactment of information security culture in a retail store. 2015 World Congress on Internet Security (WorldCIS), 61–66. doi.org/10.1109/WorldCIS.2015.7359415.

[10] Julfiana, E., Ransi, N., & Rahman, G. A. (2023). Analysis of Information Security Culture at FMIPA Halu Oleo University Using Partial Least Squares-Structural Equation Modeling Method. IAIC International Conference Series, 4(1), 153–164. doi.org/10.34306/conferenceseries.v4i1.647.

[11] Mahfuth, A., Yussof, S., Baker, A. A., & Ali, N. (2017). A systematic literature review: Information security culture. 2017 International Conference on Research and Innovation in Information Systems (ICRIIS), 1–6. doi.org/10.1109/ICRIIS.2017.8002442.

[12] Orehek, Š., & Petrič, G. (2021). A systematic review of scales for measuring information security culture. Information & Computer Security, 29(1), 133–158. doi.org/10.1108/ICS-12-2019-0140.

[13] AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2022). Employees’ intentions toward complying with information security controls in Saudi Arabia’s public organisations. Government Information Quarterly, 39(4), 101721. doi.org/10.1016/j.giq.2022.101721.

[14] Moher, D., Liberati, A., Tetzlaff, J., & Altman, D. G. (2009). Preferred reporting items for systematic reviews and meta-analyses: the PRISMA statement. Bmj, 339. doi.org/10.1371/journal.pmed.1000097.

[15] Nasir, A., Abdullah Arshah, R., & Ab Hamid, M. R. (2019). A dimension-based information security culture model and its relationship with employees’ security behavior: A case study in Malaysian higher educational institutions. Information Security Journal: A Global Perspective, 28(3), 55–80. doi.org/10.1080/19393555.2019.1643956,

[16] Nasir, A., Arshah, R. A., Ab Hamid, M. R., & Fahmy, S. (2019). An analysis on the dimensions of information security culture concept: A review. Journal of Information Security and Applications, 44, 12–22. doi.org/10.1016/j.jisa.2018.11.003.

[17] Page, M. J., McKenzie, J. E., Bossuyt, P. M., Boutron, I., Hoffmann, T. C., Mulrow, C. D., Shamseer, L., Tetzlaff, J. M., Akl, E. A., & Brennan, S. E. (2021). The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. Bmj, 372. doi.org/10.1136/bmj.n71.

[18] Parlindungan, M. (2024). Eksplorasi Kesadaran dan Faktor Budaya Keamanan Terhadap Keamanan Informasi Dinas Komunikasi dan Informatika Kabupaten XYZ. The Indonesian Journal of Computer Science, 13(6). doi.org/10.33022/ijcs.v13i6.4536.

[19] Parsons, K. M., Young, E., Butavicius, M. A., McCormac, A., Pattinson, M. R., & Jerram, C. (2015). The influence of organizational information security culture on information security decision making. Journal of Cognitive Engineering and Decision Making, 9(2), 117–129. doi.org/10.1177/1555343415575152.

[20] Sherif, E., Furnell, S., & Clarke, N. (2015). An identification of variables influencing the establishment of information security culture. Human Aspects of Information Security, Privacy, and Trust: Third International Conference, HAS 2015, Held as Part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015. Proceedings 3, 436–448. doi.org/10.1007/978-3-319-20376-8_39.

[21] Syauqina, S., Sari, P. K., Prasetio, A., & Candiwan, C. (2019). Analisis Budaya Keamanan Informasi Di Puskesmas Kota Bandung. Jurnal Kesehatan Vokasional, 4(2), 70–79. doi.org/10.22146/jkesvo.44409.

[22] Tang, M., Li, M., & Zhang, T. (2016). The impacts of organizational culture on information security culture: a case study. Information Technology and Management, 17(2), 179–186. doi.org/10.1007/s10799-015-0252-2.

[23] Tenzin, S., McGill, T., & Dixon, M. (2024). An Investigation of the Factors That Influence Information Security Culture in Government Organizations in Bhutan. Journal of Global Information Technology Management, 27(1), 37–62. doi.org/10.1080/1097198X.2023.2297634.

[24] Tolah, A., Furnell, S. M., & Papadaki, M. (2021). An empirical analysis of the information security culture key factors framework. Computers & Security, 108, 102354. doi.org/10.1016/j.cose.2021.102354.

Downloads

Published

2026-01-11

Issue

Vol. 8 No. 1 (2026): Publikasi artikel ZONAsi: Jurnal Sistem Informasi Periode Januari 2026

Section

Articles

License

Copyright (c) 2026 ZONAsi: Jurnal Sistem Informasi

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

CC BY-SA 4.0


Attribution-ShareAlike 4.0

You are free to:

  1. Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
  2. Adapt — remix, transform, and build upon the material for any purpose, even commercially.
  3. The licensor cannot revoke these freedoms as long as you follow the license terms.

Under the following terms:

  1. Attribution — You must give appropriate credit , provide a link to the license, and indicate if changes were made . You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
  2. ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
  3. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

Notices:

You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation .

No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.

How to Cite

[1]
“TINJAUAN LITERATUR SISTEMATIS BUDAYA KEAMANAN INFORMASI: DIMENSI, KERANGKA KERJA, DAN TANTANGAN DI SEKTOR PUBLIK”, zn, vol. 8, no. 1, pp. 23–33, Jan. 2026, doi: 10.31849/mpvz1430.