<p style='text-indent:20px;'>This paper discusses how two competitive firms invest in information security by constructing a differential game in which hacker knowledge dissemination and the law enforcement are considered. Feedback Nash equilibrium solution of information security investment rates and the resulting firm profits are derived, showing that inconsistent with common sense, firm profits may increase with hackers' evaluation rates of information assets and decrease with the law enforcement rate. Interestingly enough, I find that a higher growth rate of hacker knowledge dissemination sometimes increases firm profits. Meanwhile, I counter-intuitively demonstrate under certain circumstances that a higher efficiency of information security investment of inhibiting hacker knowledge dissemination may decrease firm profits and that a larger damage of hacker knowledge dissemination may increase firm profits.</p>