The main areas of application of game theory are economics, political science, tactical and military-strategic tasks, evolutionary biology and, more recently, information technology, security and artificial intelligence. Game theory studies the problems of decision-making of several people (players). It concerns the behavior of players whose decisions affect each other. The application of game theory in the field of modeling decision-making processes has different approaches, which are not systematized in the future, and sometimes contradict each other. Game theory is designed to solve situations in which the outcome of players' decisions depends not only on how they choose them, but also on the choices of other players with whom they interact. If we consider the field of information security, the peculiarity of the information conflict between the operational management system of information protection and the infringer who tries to gain unauthorized access is that opposing parties who have several ways of action can apply them repeatedly, choosing the best way based on information about the opposite parties. In this case, each step of resolving the conflict is characterized not by the final state, but by some payment function. In many situations, when designing information security systems, there is a need to develop and make decisions in conditions of uncertainty. Uncertainty can be of different nature. The planned actions of hackers, which are aimed at reducing the effectiveness of security systems, are uncertain. Uncertainty may relate to a risk situation in which the management system of the information network that decides on the application of the protection system is able to establish not only all possible results of decisions, but also the probability of possible conditions for their occurrence. Design conditions affect decision-making subconsciously, regardless of the actions of the decision-maker. When all the consequences of possible decisions are known, but their probability is unknown, it is obvious that decisions are made in conditions of complete uncertainty. The main promising theory of analysis of decision-making processes at the stage of designing information security systems is game theory. Therefore, there is a need to develop methods of operational (adaptive) management of information protection, depending on the availability of a priori information about the possibility of attacks by the infringer and his strategy to create unauthorized access to information resources. Game theory allows us to offer recommendations for the formation of management strategies for protection systems.