In the information age, the scale and scope of cyber attacks on information systems is on the rise. Meanwhile, a new type of terrorism—cyber terrorism has emerged. Cyber terrorists belong to the most dangerous subgroup of hackers. In recent years, many academic researchers have called attention to this hacker group. There is a dearth of research that analyzes and predicts the behavior of cyber terrorists. The aim of this paper is to use game theory to analyze risk in ITbased information systems, predict the behavior of cyber terrorists, and find an optimal investment. This paper proposes a general one-stage static game model that can be applied to all cyber crimes. This model is used to analyze the optimal investment in information systems security from a cyber terrorism perspective.