The rapid advancement of information and communication technology has increased work efficiency but also introduced complex security challenges for all stakeholders. While companies have become more aware of the importance of information security, they face difficulties in making effective security investment decisions due to budget constraints and a shortage of skilled security personnel. This study proposes a data-driven framework to support information security investment decision-making. The proposed framework employs quantitative models such as Genetic Algorithm, and Game Theory to select the optimal model based on specific input parameters. The framework systematically categorizes key input parameters necessary for risk assessment and countermeasure selection, guiding users through the optimization process by choosing the most suitable decision-making model. This structured approach enables organizations to select cost-effective security measures within a given budget. Additionally, the framework provides actionable insights by presenting results in visualizations and detailed reports, enhancing investment efficiency. Furthermore, it can be used as a tool by security managers to justify budget requests and assists executives in making data-driven information security decisions. This framework ultimately aims to streamline the information security investment process, enabling organizations to mitigate risks effectively within limited resources.