This paper discusses real-time and dynamic decision making process on information security incidents, under the game-theoretical assumption that an attacker will act to maximize illegal gain while an defender does to minimize loss due to the attack. The paper develops a decision making model corresponding to the process, where the gain and loss are assessed alternately by the attacker and defender, and attack and defense plans are sequentially determined. The proposed model is formulated and applied to a security incident in order to optimize a set of attack and defense plans.