Due to information security dependence between enterprises in network organization, group behavior during information security investment affects information security of enterprises. Based on conformity effect, this paper establishes the decision-making model to analyze how enterprises will make a decision between the defense ability and the recovery ability, so as to draw how enterprises will choose different security strategies under different circumstances. The enterprise’s information security strategy is divided into active defensive strategy, conservative defensive strategy and the passive defensive strategy. We find that an enterprise’s initial inside security defensive level, the extent of conformity effect and the inside/outside defensive cost influence its choice among the three strategies mentioned., in addition, the higher the conformity probability, the higher active defense willing of enterprises; the larger the firm’s size, the lower active defense willing of enterprises.