This paper presents a group testing approach toward a security decision-making problem. We consider a game model for a network of firms where each firm decides to invest some amount, viewed as its action, on its security. The utility functions are then defined in such a way to capture the interdependent structure of the network. We propose and analyze two algorithms for the firms to update their investments based on incomplete information they receive at any given stage of the game. This so-called incomplete information, which is provided by an independent entity, is the outcome of a (security) test performed on a selected group of firms rather than a single firm due to privacy concerns. Our arguments finally lead to a number of fundamental group testing problems which are inherently different from the classical group testing problem and its alternative versions.