
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
---------------------

FORM 10-K



(MARK ONE)
[X] ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE
SECURITIES EXCHANGE ACT OF 1934
FOR THE FISCAL YEAR ENDED DECEMBER 31, 2000
OR
[ ] TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(D) OF
THE SECURITIES EXCHANGE ACT OF 1934
FOR THE TRANSITION PERIOD FROM ____________TO ____________


Commission file number 0-23655
INTERNET SECURITY SYSTEMS, INC.
(Exact Name of Registrant as Specified in Its Charter)



DELAWARE
(State or other jurisdiction of incorporation or organization)

58-2362189
(I.R.S. Employer Identification No.)

6303 BARFIELD ROAD, ATLANTA, GEORGIA
(Address of principal executive offices)

30328
(Zip code)


Registrant's telephone number, including area code: (404) 236-2600

Securities registered pursuant to Section 12(b) of the Act:



TITLE OF EACH CLASS     NAME OF EACH EXCHANGE ON WHICH REGISTERED
-------------------     -----------------------------------------
None                    None


Securities registered pursuant to Section 12(g) of the Act:
COMMON STOCK, $0.001 PAR VALUE
(Title of Class)

Indicate by check mark whether the Registrant (1) has filed all reports
required to be filed by Section 13 or 15(d) of the Securities Exchange Act of
1934 during the preceding 12 months (or for such shorter period that the
Registrant was required to file such reports), and (2) has been subject to such
filing requirements for the past 90 days.

Yes [X] No [ ]

Indicate by check mark if disclosure of delinquent filers pursuant to Item
405 of Regulation S-K is not contained herein, and will not be contained, to the
best of Registrant's knowledge, in definitive proxy or information statements
incorporated by reference in Part III of this Form 10-K or any amendment to this
Form 10-K. [ ]

The aggregate market value of the voting stock held by non-affiliates of the
Registrant, based upon the closing sale price of Common Stock on March 22, 2001
as reported on the Nasdaq National Market, was approximately $928 million
(affiliates being, for these purposes only, directors, executive officers and
holders of more than 5% of the Registrant's Common Stock).

As of March 22, 2001, the Registrant had 42,924,774 outstanding shares of
Common Stock.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the Proxy Statement for the Registrant's 2001 Annual Meeting of
Stockholders are incorporated by reference into Part III of this Form 10-K.

PART I

ITEM 1. BUSINESS

BUSINESS

OVERVIEW

We are a leading global provider of security management solutions for
protecting digital business assets. Our continuous lifecycle approach to
information security protects distributed computing environments, such as
internal corporate networks, inter-company networks and electronic commerce
environments, from attacks, misuse and security policy violations, while
ensuring the confidentiality, privacy, integrity and availability of proprietary
information. We deliver an end-to-end security management solution through our
SAFEsuite security management platform of software products, our
around-the-clock remote security monitoring through our industry-leading managed
security services offerings, and our professional services, made up of both
consulting and education services.

Our SAFEsuite family of software products is a critical element of an
active information security program within today's world of global connectivity,
enabling organizations to proactively monitor, detect and respond to risks to
enterprise information. We currently provide remote management of the industry's
best-of-breed security technology including firewalls, virtual private networks
(VPNs), antivirus and URL filtering software, security assessment and intrusion
detection systems.

ISS' Managed Security Services gives organizations the levels of
sophisticated security services they need without the costly overhead of
extensive, in-house security resources. These services combine managed risk with
best-of-breed protection, state-of-the-art 24x7x365 international monitoring,
and a secure Web-based interface for instant interaction with the security
experts managing your network. Offerings include managed firewalls, intrusion
protection, antivirus, Web content filtering and other critical security
management needs.

ISS Consulting Services professionals combine market-leading intellectual
capital and technology with years of real-world experience to help organizations
plan and implement sound, appropriate business solutions. ISS also maintains a
team of experienced counter-attack specialists that are ready to reclaim
organizations' systems, minimizing the severity of security incidents. ISS
provides forensic analysis and conducts incident response workshops to help
clients identify the best means to prevent recurrence.

Since 1996, more than 10,000 students have refined their security
management skills at ISS' global SecureU facilities. From security fundamentals
and platform-specific issues to advanced classes on vulnerability management,
intrusion detection, firewalls and public key infrastructure, ISS transfers its
intellectual capital and applied experience to organizations committed to
successfully securing their information assets.

ISS also provides special assessment and managed security offerings called
Secure Steps that help participants obtain e-commerce insurance or qualify for
upgraded levels of insurance services. These services create an economical
bridge from basic security practices to comprehensive and affordable online
business risk management programs.

ISS is a trusted security provider to its customers, protecting online
business assets and ensuring the availability, confidentiality and integrity of
computer systems and information critical to business success. ISS' lifecycle
security management solutions protect more than 8,000 customers worldwide,
including 21 of the 25 largest US commercial banks and the 10 largest US
telecommunications companies. We also have established strategic relationships
with industry leaders, including BellSouth, Check Point, GTE, IBM, MCI WorldCom
(Embratel), Microsoft and Nokia to enable worldwide distribution of our core
monitoring technology.


INDUSTRY BACKGROUND

Network computing has evolved from client/server-based local area networks
to distributed computing environments based on the integration of inter-company
wide area networks via the Internet and related technologies. The proliferation
and growth of corporate intranets and the increasing importance of electronic
commerce have dramatically increased the openness of computer networks, with the
Internet becoming a widely accepted platform for many business transactions. To
capitalize on these trends, organizations of all sizes and types are
increasingly connecting their enterprise networks to the Internet or using
Internet-based technologies to facilitate and support their strategic business
objectives:

With the increased use of the Internet by businesses and consumers,
organizations increasingly network their key systems in order to reduce costs
and increase revenues. This increased level of access provided by open systems
carries with it the risk of unauthorized access to and use of sensitive
information or malicious disruptions of important information-exchange systems.

THE NEED FOR NETWORK SECURITY

Although open computing environments have many business advantages and
businesses are depending on them more and more, their accessibility and the
relative anonymity of users make these systems, and the integrity of the
information that is stored on them, vulnerable to security threats. Open systems
present inviting opportunities for computer hackers, curious or disgruntled
employees, contractors and competitors to compromise or destroy sensitive
information within the system or to otherwise disrupt the normal operation of
the system. In addition, open computing environments are complex and typically
involve a variety of hardware, operating systems and applications supplied by a
multitude of vendors, making these networks difficult to manage, monitor and
protect from unauthorized access. Each new addition of operating system
software, applications or hardware products to the distributed computing
environment may introduce an increasing number of new vulnerabilities and
security risks.

Historically, organizations with sophisticated, well-funded information
systems departments have responded to perceived security threats by implementing
"passive point tools", such as encryption, firewall, authentication and other
technologies designed to protect individual components of their internal
networks from unauthorized use or outside attacks. Although the passive point
tools address some security concerns, they do not address the fundamental issue
that the inherent utility of open systems is itself the source of their
vulnerability.

To be effective, passive point tools need to be coordinated through
enterprise-wide systems that automatically evaluate and eliminate the
vulnerabilities and threats. Direct observation of vulnerabilities and threats
can allow an organization to define and automatically enforce an integrated,
enterprise-wide information risk management process that can be managed
centrally and implemented on a distributed basis. Any security solution must be:

- easy to use by both management and the organization's existing
information technology personnel or service provider;

- compatible with existing security technologies, as well as flexible
enough to incorporate new technologies; and

- able to provide a comprehensive and accurate picture of security issues
across the organization's entire distributed network such that the
managers of the system trust the objectivity of the security system in
monitoring, detecting and responding to vulnerabilities and threats.

THE ISS SOLUTION

The benefits of open network technologies have driven the Internet into the
"main stream" and with it, the need for security. However, "main stream"
organizations -- unlike our early customers -- are not necessarily interested in
managing information security themselves. Instead, we believe they want to
concentrate on their core business competence and purchase security as a turnkey
solution. For this market-driven reason, we have dramatically increased our
emphasis on providing total
lifecycle security solutions and have entered the managed security services
market.

In 1999, we adopted British Standard of Practice 7799-1, now ISO/IEC 17799.
ISO 17799 is a blueprint for wrapping various interpretations of information
security policy management into one unified assessment methodology. This
standard divides security policy into a five-step, cyclical process: (1) assess,
(2) design, (3) deploy, (4) manage/support and (5) educate. Our customer life
cycle methodology, based on ISO 17799, permeates our approach to providing total
solutions to our customers. Our implementation consists of the following:

Assess. (Where Are We?) Many companies do not know what information
resides on their network. They do not know where it is located, who has access
to it or what would be the cost to them if the information were compromised in
any way. During this phase of the life cycle, our experts identify all of a
customer's network devices and resources and establish valuations for all groups
of data on the customer's network. The value of assessment lies in turning
general descriptions of security needs and network structures into measurable
sets of data that we use to design verifiable security policy and information
technology infrastructure.

Design. (Where Do We Need to Be?) In this phase of the life cycle, our
teams convert the data gathered during the assessment phase into lists of
information security solutions, deployment locations, implementation strategies
and configuration guidelines for each network device or security application.
When the solution road map is complete, our customer has a security policy,
accompanied by a plan for deploying it and concrete metrics for measuring
compliance.

Deploy. (How Do We Get There?) During this period, our experts test and
install the devices and security applications into the customer's production
environment.

Manage and Support. (How Do We Maintain and Improve?) At this stage, a
customer can either choose to run an in-house security management solution, or
outsource information security through our managed security services. This
ongoing stage is where our experts measure performance data from the information
security infrastructure against the goals stated in the security policy mapped
out earlier. Non-compliant systems and events trigger specific actions, as
stated in the policy. These include a re-evaluation of the policy and a restart
of the policy generation process.

Educate. (How Do We Enhance our Understanding?) Education is a critical
component of the customer life cycle methodology. This ongoing effort to raise
awareness of the need for information security at the executive, management,
administrator and end-user levels cuts across all the phases listed above. It
includes both continuing training for administrators in emerging threats to
their systems and awareness among end users of the benefits of working within
the security architecture.

Our process-driven lifecycle approach to enterprise-wide information risk
management relies on the principles of monitoring, detection and response to the
ever-changing vulnerabilities in and threats to the hardware products, operating
systems and applications that comprise every network system. We designed our
SAFEsuite family of products to enable an organization to centrally define and
manage an information risk policy for its existing network system
infrastructure, including all Internet protocol-enabled devices. Our solutions
provide the ability to visualize, measure and analyze real-time security
vulnerabilities and control threats across the entire enterprise computing
infrastructure, keeping the organization's information technology personnel
informed of changing risk conditions and automatically making adjustments as
necessary. Through custom policies or by using our "best practice" templates,
our customers can minimize security risks without closing off their networks to
the benefits of open computing environments and the Internet.

Our solutions reach beyond the traditional approaches to network security
that rely on the use of passive point tools and are predicated on a proactive,
risk management-based approach to enterprise security that links security
practice and security policy through a continuous improvement process. Our
solution is to:

- continuously monitor network, system and user activity and configure
devices, systems and applications on the network;

- detect security risks in network traffic and within systems;

- respond to security threats to minimize risks; and

- analyze and report dynamic risk conditions and response actions and
update security policies.

Comprehensive Enterprise Security Solution

We combine the above principles with our extensive knowledge of network,
system and application vulnerabilities and threats to provide scalable security
solutions. Our SAFEsuite family of products provides a comprehensive network and
system security framework. In addition, we sell our products individually as
solutions for a particular function. We also offer a broad range of professional
services to assist in the development and enforcement of an effective security
policy and to facilitate the deployment and use of our software. Our software
products operate with a broad range of platforms and complement the products of
leading security and network management vendors. They provide a single point of
management and control for an enterprise-wide security policy. In this manner,
our SAFEsuite family of products serves as a critical enhancement to traditional
passive point tools, such as encryption, firewalls and authentication. We have
designed our products to be easily installed, configured, managed and updated by
a system administrator through an intuitive graphical user interface without
interrupting or affecting network operation. The software automatically
identifies systems and activities that do not comply with a customer's policies,
and provides a critical feedback mechanism for adjusting the security levels of
networked systems based upon its findings. Our products generate
easy-to-understand reports ranging from executive-level trend analysis to
detailed step-by-step instructions for eliminating security risks.

The X-Force

Because there are few information technology professionals specifically
trained in network and system security issues, we have assembled a senior
research and development team composed of security experts who are dedicated to
understanding new vulnerabilities and real-time threats and attacks, and
developing solutions to address these security issues. The team is known in the
industry as the "X-Force" and represents one of our competitive advantages.
Because of the collective knowledge and experience of the members of the
X-Force, we believe that they comprise one of the largest and most sophisticated
groups of information technology security experts currently researching
vulnerability and threat science. Organizations such as CERT (Computer Emergency
Response Team), the FBI and leading technology companies routinely consult the
X-Force on network security issues. Through the X-Force, we maintain a
proprietary and comprehensive knowledge base of computer exploits and attack
methods, including what we believe is the most extensive publicly available
collection of Windows NT and Windows 2000 vulnerabilities and threats in
existence. To respond to an ever-changing risk profile, the X-Force continually
updates this knowledge base with the latest network vulnerability information,
which aids in the design of new products and product enhancements.

STRATEGY

Our objective is to be the leader in security management for the Internet.
This means providing information risk management systems that proactively
protect the integrity and security of enterprise-wide information systems from
vulnerabilities, misuse, attacks and other information risks. This is regardless
of whether the system is run "in-house" by the management information systems
organization or is outsourced to ISS for remote 24-by-7 management and
monitoring. We focus on developing innovative and automated software and service
solutions to provide customers with a comprehensive framework for protecting
their networks and systems by monitoring for vulnerabilities and real-time
threats. Our solutions allow customers to enforce "best practice" network and
system security policies. Key elements of our strategy include:

Continue Our Leadership Position in Security Technology

We intend to maintain and enhance our technological leadership in the
enterprise security market by hiring additional network and Internet security
experts, broadening our proprietary knowledge base, continuing to invest in
product development and product enhancements and acquiring innovative companies
and technologies that complement our solutions. By remaining independent of other
providers of system software, applications and hardware and by solidifying our
position as a best-of-breed provider of monitoring, detection and response
software, we believe that customers and potential customers will view us as the
firm of choice for establishing and maintaining effective security practices and
policies.

Strive for Leadership in Managed Security Services

During 1999, we extended our market leadership position with the
acquisition of Netrex, Inc., a pioneer and leading provider of remote security
monitoring services. The Managed Security Services (MSS) we acquired are
designed for businesses that need security but do not have the time, internal
resources or expertise to effectively protect networked systems and information
through an in-house solution.

This acquisition enables us to deliver end-to-end security management
solutions by extending our market-leading SAFEsuite security management platform
into around-the-clock managed services. In return, our customers now can entrust
their security to ISS experts who monitor and manage their networks 24 hours a
day, seven days a week, 365 days a year.

International Data Corp. (IDC) projects that demand for managed security
services will reach more than $1.4 billion annually by 2004, with a compounded
growth rate of 24 percent. As network-based business operations have penetrated
the economy, security management has come to be viewed as an essential system on
the network, just as network and systems management and storage management are
today. We're poised to take advantage of this inevitability.

Expand Domestic Sales Channels

We intend to increase the distribution and visibility of our products by
expanding our regional direct sales program and increasing our market coverage
through the establishment of additional indirect channels with key managed
service providers, Internet service providers, systems integrators, resellers,
OEMs and other channel partners. We believe that a multi-channel sales approach
will build customer awareness of the need for our products and enable us to more
rapidly build market share across a wide variety of industries.

Enhance and Promote Professional Services Capabilities

We aim to establish long-term relationships with our customers by serving
as a "trusted advisor" in addressing network security issues. To continue to
fulfill this responsibility to our customers, we are expanding our professional
services capabilities. These capabilities will allow us to increase the return
on investment we've made in standardizing on ISO 17799. As previously mentioned,
ISO 17799 is a blueprint for wrapping various interpretations of information
security policy management into one unified methodology. It is our customer life
cycle methodology, built on this standard, that permeates our approach to
providing total solutions to our customers and provides them with effective
information risk management solutions. By providing professional services, we
also can heighten customer awareness about network security issues, which
creates opportunities for us to sell new products or product enhancements to our
existing customers.

Expand International Operations

We plan to continue to aggressively expand our international operations to
address the rapid global adoption of distributed computing environments. Many
foreign countries do not have laws recognizing network intrusion or misuse as a
crime or the resources to enforce such laws if they do exist. As a consequence,
we believe that organizations in such countries will have greater need for
effective security solutions. We currently maintain international offices in
Australia, Belgium, Brazil, Canada, Egypt, England, France, Germany, Italy,
Japan, Mexico, the Netherlands, the Philippines, Spain, Sweden and Switzerland
and plan to expand in those regions where businesses, governments and other
institutional users are using distributed networks and the Internet for their
mission-critical needs.


SAFESUITE FAMILY OF PRODUCTS

The SAFEsuite family of products applies our information security
methodology through a flexible architecture that integrates with existing
security and network system infrastructures. Our SAFEsuite products enhance the
effectiveness of passive point tools by monitoring them for threats and
vulnerabilities and responding with actions that align customers' security
practices and policies. SAFEsuite complements network and security management
frameworks by providing information required for informed decisions to minimize
security risks while maintaining the desired level of network functionality.
Thus, our products provide a risk management-based approach to security with
scalable deployment of best-of-breed products and integrated enterprise-wide
implementations.

The SAFEsuite product architecture includes a policy management interface
that lets customers choose among "best practice" templates or policies that
establish the acceptable level of risk appropriate for their networks. Our
individual products then automatically verify compliance with the chosen policy
in terms of actual system configuration and network activity. Graphical reports
describe the deviations from the established policy, including the measures
required to reduce the risk.

This product architecture allows all the SAFEsuite technologies to connect
directly into common standards, providing comprehensive security reports for the
entire enterprise. To ensure communication confidentiality between individual
SAFEsuite components and to prevent their misuse, SAFEsuite components use
industry-standard encryption algorithms, which have become de facto encryption
standards, among other encryption technologies. The SAFEsuite Security Knowledge
Base, a database containing information about the devices and security risks on
a customer's network, utilizes an open database connectivity, or ODBC, interface
and allows customers to select their preferred database such as Informix,
Microsoft SQL Server, Oracle, Sybase or any ODBC-compliant database for data
storage. The various SAFEsuite products consolidate security data, enabling
users to quickly determine their risk profiles and respond. In addition,
SAFEsuite products provide automated decision support by assessing priorities
and providing a graphical representation of important security risk data sets.
This feature allows key decision-makers to prioritize their program strategies
for effective deployment of resources to minimize security risks.

Each SAFEsuite product can be deployed as a stand-alone, best-of-breed
solution to meet the needs of the local administrator or departmental user.
Enterprise-level users can analyze security risk conditions for the entire
network through support for remote, multi-level management consoles and the
SAFEsuite Security Knowledge Base. The SAFEsuite Security Knowledge Base allows
the customer to address vulnerabilities and threats, thereby minimizing network
security risk and associated costs. SAFEsuite's frequent updates integrate the
latest identified security vulnerabilities and threats into the operations of an
existing product installation.

Internet Scanner

Internet Scanner quickly identifies security vulnerabilities in a network
and non-compliance with security policy, plus provides appropriate information
for correcting these potential security exposures, through automated and
comprehensive network security vulnerability detection and analysis. Internet
Scanner scans and detects vulnerabilities, prioritizes security risks and
generates an array of meaningful reports ranging from executive-level trend
analysis to detailed step-by-step instructions for eliminating security risks.
Scans may be as simple as determining the basic computing services available on
the network or as comprehensive as a thorough testing using the full range of
Internet Scanner's vulnerability database. The product uses Smart Scan, a
technique that uses the results of prior scans, as well as current scans of
other devices, to provide a more thorough investigation of each device. After
completing their scans, the Internet Scanner modules return lists of discovered
vulnerabilities and prepare in-depth reports to assist administrators with
follow-up and review.

System Scanner

System Scanner serves as a security assessment system that helps manage
security risks through comprehensive detection and analysis of operating system,
application and user-controlled security weaknesses. System Scanner identifies
potential security risks by comparing security policy with actual host
computer configurations. Routine reviews of these records help identify damaged
or maliciously altered systems before they become a security or performance
liability. System Scanner augments its automated policy compliance testing with
an extensive database of vendor patches and other system enhancements.

Database Scanner

Database Scanner provides security risk assessment for database management
systems. Database Scanner allows a user to establish a database security policy,
audit a database and present a database's security risks and exposures in
easy-to-read reports. Database Scanner develops, implements and maintains
appropriate database system security strategies, policies and procedures.

Online Scanner

Online Scanner is the world's first security management application for
protecting online transactions. Based on our SAFEsuite security management
platform, Online Scanner performs security checkups for home users, helping them
to protect their systems against data loss or corruption due to malicious
attack. Simple instructions guide users through identifying and correcting
potential security risks.

RealSecure

RealSecure is a powerful, automated, real-time intrusion protection system
for computer networks and hosts. RealSecure provides unobtrusive, continuous
surveillance, intercepting and responding to security breaches and network abuse
before systems are compromised. RealSecure provides effective intrusion
protection solutions by offering diversified sensors and management consoles.

RealSecure Network Sensor. RealSecure Network Sensor runs on a dedicated
system that monitors network traffic for attack signatures -- definitive
identifiers that an intrusion is underway. Attack recognition, incident
response, and intrusion prevention occur immediately, with full customization of
signatures and response capabilities.

RealSecure Server Sensor. RealSecure Server Sensor performs real-time
intrusion monitoring, detection, and prevention of malicious activity by
analyzing kernel-level events, host logs, and network activity on critical
servers. Server Sensors monitor, detect, and prevent intrusions with Packet
Interception, Firecell blocking capability, and Secure Logic event fusion
correlation filtering.

RealSecure OS Sensor. RealSecure OS Sensor provides real-time log-file
monitoring and analysis. As with the RealSecure Network Sensor, the OS Sensor
recognizes and responds to attack signatures, and additionally monitors unused
ports for suspicious activity. The OS Sensor also provides full customization of
signatures and response capabilities.

RealSecure for Nokia. RealSecure for Nokia is an appliance-style intrusion
detection sensor designed for easy deployment, featuring a hardened operating
system, plug and play technology and excellent performance.

RealSecure Workgroup Manager. RealSecure Workgroup Manager provides
centralized management, configuration, reporting, and real-time alarming for all
RealSecure Sensors. RealSecure also includes plug-in management modules for HP
OpenView and Tivoli Enterprise Software.

SAFEsuite Decisions

SAFEsuite Decisions provides information security decision support services
that consolidate and simplify the task of maintaining complex information
security implementations across an enterprise network environment. SAFEsuite
Decisions integrates critical security data generated by our Internet Scanner,
System Scanner, RealSecure and third-party firewalls, into a closed, automated
feedback loop. This information is condensed into a comprehensive reporting
system, enabling timely, focused and informed decisions for effective
information risk management. By automating the process of collecting, collating,
correlating and
analyzing data generated by multiple information security engines and
applications, SAFEsuite Decisions enables managers and administrators to focus
security resources where they are needed most.

SAFEsuite Events

SAFEsuite Events provides real-time data collection and rapid tactical
analysis of critical security events for enterprise network environments.
Designed to work in tandem with RealSecure, our market leading intrusion
detection and response system, SAFEsuite Events filters intrusion data from
multiple sensors on multiple networks, removes low priority alerts and false
positives, and presents the most urgent situations in easily understood online
and print reports. SAFEsuite Events is an automated, 24x7 security event
management solution. Its advanced data collection and analysis technology
removes the need for manual event analysis, greatly accelerating response time
and improving overall security staff efficiency.

MANAGED SECURITY SERVICES

We provide comprehensive managed security services, or MSS, for
organizations without a compelling reason to develop an in-house information
security solution. MSS allows a company to start with basic security needs at
low cost, then expand as the business grows. Since the security infrastructure
is disbursed across a large managed services customer base, monthly security
costs are minimized while each aspect of the enterprise is secured against
attack and misuse in accordance with the customer's security policy.

MSS ensures that online assets are being properly protected. MSS is
analogous to outsourced security, offering unique advantages that make it an
attractive resource for online business operations. Instead of separate vendors
for security consulting services, firewalls, antivirus and intrusion detection,
MSS combines these basic business necessities with thorough information security
analysis to deliver a complete, customized information security solution. Our
unique Web-based management console allows client oversight of all security
operations, plus rapid response to changing network conditions.

PROFESSIONAL SERVICES

We enhance the value of our products by offering professional services to
assure customers' success in establishing, implementing and maintaining their
security policy, including consulting and educational services.

Consulting Services

We have network security professionals ready to assist customers with their
particular security policy development and enforcement needs. Our consulting
services can range from providing network security resources for overburdened
information technology departments to conducting investigations of serious
breaches in security. Our offerings include:

- Information Security Analysis and Assessment -- Includes enterprise
security audits, enterprise security assessment and strategy workshops
and risk assessment analysis

- Information Security Design Services -- Includes security policy and
configuration guideline development; information security architecture
design; and risk management process integration

- Information Security Deployment Services -- Establish and review security
policies; security deployment strategy workshop; hands-on training and
assistance with deployment and use of ISS' SAFEsuite products; and
enterprise deployment of ISS' SAFEsuite solutions throughout an
enterprise-level organization.

- Emergency Response Services -- subscription service that helps customers
avoid security breaches while helping them prepare in case they do
experience a break-in.

Education

We complement our service offerings with a full range of training and
certification programs. These programs include courses in the fundamentals of
security and networking, vulnerability management, threat management and
intrusion detection, public key infrastructures, firewalls and others. Each
course offers the option of certification via standardized examinations. Our
courses are available worldwide at our in-house education centers, through
approved training centers, and at our customer sites with our mobile
training labs. These classes address planning, installation and basic operation
of our products in a hands-on, interactive environment. For more advanced needs,
our ISS Certified Engineer training courses cover advanced topics specific to
each SAFEsuite or SAFEsuite Enterprise product. Our training goes beyond simple
"how to" exercises. Upon completion of instructor-led discussions and exercises,
students respond to actual, on-the-job scenarios. These simulations allow
students to apply their new skills to real-world situations, reinforcing both
basic and advanced skills. Our training courses encompass the complete life
cycle of our SAFEsuite products, from installation and operations to advanced
troubleshooting.

PRICING

We use a range of fee structures to license our products, depending on the
type of product and the intended use. We license our vulnerability detection
products, Internet Scanner, System Scanner and Database Scanner, based on the
number of devices being scanned. The pricing scheme is scalable, providing low
entry points for departmental users without limiting our revenue potential from
customers with large networks. Pricing for our threat detection products,
RealSecure Engine and RealSecure Agent, is based on the number of engines
deployed on the network. Thus, licensing fees for our products are ultimately
determined by the size of the customer's network, as size dictates the number of
devices to be scanned or the number of engines to be deployed. Enterprise
management solutions also generate revenue for the Company. SAFEsuite Decisions
is licensed by the size of the deployment and number of data sources. It scales
to meet the needs of large security deployments and represents a follow-on
revenue opportunity for customers with multiple security technologies.

In addition to license fees, customers virtually always purchase
maintenance agreements in conjunction with their initial purchase of a software
license, with annual maintenance fees typically equal to 20% of the product's
license fee. Maintenance agreements include annually renewable telephone
support, product updates, access to our X-Force Security Alerts and error
corrections. Our continuing research into new security risks and resulting
product updates provide significant ongoing value. We provide customers with a
regular stream of security updates, known as X-Press Updates, as part of this
maintenance agreement. X-Press Updates serve to keep our products up to date
with the latest vulnerabilities and threats that are present in Internet
environments. As a result, a substantial majority of our customers renew their
maintenance agreements. Customers who use our products to provide information
technology consulting services have license agreements that are based on a
revenue sharing model. We have historically sold fully-paid perpetual licenses
with a renewable annual maintenance fee and, more recently, have licensed our
products on a subscription basis, including maintenance, for one or two year
periods and are exploring other alternatives for customers desiring longer term
arrangements or multi-year commitments.

Monitoring fees for managed security services are determined by the
complexity of the monitoring arrangement and by the number of devices being
monitored. The pricing scheme is scalable, allowing customers to start with
basic security monitoring services and expand as the business grows.

Our consulting services fees are calculated either on a fixed-fee basis or
an hourly standard rate per consultant and discounted based on the scope of the
engagement, market sector and geographical territory. Educational services are
calculated on a per-class basis.

PRODUCT DEVELOPMENT

We developed our SAFEsuite products to operate in heterogeneous computing
environments. Products are compatible with other vendors' products across a
broad range of platforms, including HP-UX, IBM AIX, Linux, SGI IRIX, SunOS, Sun
Solaris, Microsoft Windows 95/98 and Microsoft Windows NT. We have
incorporated a modular design in our products to permit plug-and-play
capabilities, although customers often use our professional services or our
strategic partners to install and configure products for use in larger or more
complex network systems.

We employ a three-pronged product development strategy to achieve our goal
of providing the most comprehensive security coverage within the monitoring,
detection and response market. First, we provide regular security updates to our
products that are based on our vulnerability and threat database. These updates
are usually provided as part of separate maintenance agreements sold with the
product license.

Second, we continue to develop best-of-breed security products to address
particular network configurations. Such new products, and our existing products
like Internet Scanner, System Scanner and RealSecure, are updated approximately
every four to six months to add new features and improve functionality.

Third, to complement our existing products and provide more comprehensive
network security coverage, we are expanding our existing SAFEsuite products by
developing additional enterprise-level products. These products will allow
customers to protect their networks by continuously measuring and analyzing the
status of their network's security, and by monitoring and controlling the
security risks in real time across the enterprise network. These SAFEsuite
enterprise products will operate with our existing products, allowing modular
implementation.

Expenses for product development were $9.7 million, $20.4 million, and
$31.3 million in 1998, 1999, and 2000, respectively. All product development
activities are conducted at either our principal offices in Atlanta, or at our
research and development facilities in Sunnyvale, California, Southfield,
Michigan and Reading, England. At December 31, 2000, 306 personnel were employed
in product development teams. Our personnel include members of the Computer
Security Institute, Forum for Incident Response and Security Technicians
(FIRST), Georgia Tech Industrial Partners Association, Georgia Tech Information
Security Center and the International Computer Security Association (ICSA),
enabling us to actively participate in the development of industry standards in
the emerging market for network and Internet security systems and products.

CUSTOMERS

As of December 31, 2000, we had licensed versions of our SAFEsuite family
of products to over 8,000 customers. No customer accounted for more than 10% of
our consolidated revenues in 1998, 1999 or 2000. Our target customers include
both public and private sector organizations that utilize Internet protocol-
enabled information systems to facilitate mission-critical processes in their
operations. Our customers represent a broad spectrum of organizations within
diverse sectors, including financial services, technology, telecommunications,
government and information technology services.

SALES AND MARKETING

Sales Organization

Our sales organization is divided regionally among the Americas, Europe and
the Asia/Pacific regions. In the Americas, we market our products primarily
through our direct sales organization augmented by our indirect channels,
including security consultants, resellers, OEMs and systems consulting and
integration firms. The direct sales organization for the Americas consists of
regionally based sales representatives and sales engineers and a telesales
organization located in Atlanta. We maintain a number of domestic sales offices
in various cities throughout the United States and in Canada and Mexico. A
dedicated group of professionals in our Atlanta headquarters covers Latin
America. As of December 31, 2000, we employed approximately 344 people in the
Americas direct sales and professional services organization. The regionally
based direct sales representatives focus on opportunities with large
organizations. Included as part of the sales organization is a channel
management group that drives incremental revenue through selected partners and
acts as the liaison between the direct sales representatives and the channel
partners.

In Europe and the Asia/Pacific region, the substantial portion of our sales
occurs through authorized resellers. Internationally we have established
regional sales offices in several countries in Europe as well as in Brazil,
Egypt, Australia and Japan. Personnel in these offices are responsible for
market development,
including managing our relationships with resellers, assisting them in winning
and supporting key customer accounts, acting as a liaison between the end user
and our marketing and product development organizations, and providing
consulting and training services. As of December 31, 2000, approximately 285
employees were located in our European and Asia/Pacific regional offices. We
expect to continue to expand our field organization into additional countries in
these regions.

Security Partners Program

We have established a Security Partners Program to train and organize
security consulting practices, Internet service providers, systems integrators
and resellers to match our products with their own complementary products and
services. By reselling SAFEsuite products, our partners provide additional value
for specific market and industry segments, while maintaining our ongoing
commitment to quality software and guaranteed customer satisfaction. We have
established three different levels of partnership opportunities:

- Premier Partners. Premier Partners are value-added resellers and systems
integrators with focused security practices. Many Premier Partners are
experienced in the sales and implementation of leading firewall
technology, as well as authentication and encryption technologies. These
partners leverage their expertise with our vulnerability assessment and
intrusion detection products. Premier Partners receive direct
distribution of our products, sales training, financial incentives,
access to our Web site for placing orders and partner-only
communications, including a link to the ISS Partner Web site.

- Authorized Partners. Authorized Partners generally consist of
organizations that provide security-focused consulting services, but
elect not to commit to the minimum annual purchase commitments and entry
fees applicable to Premier Partners. Authorized Partners may purchase
products directly from us and may access our Web site to place orders and
receive partner-only communications.

- Registered Partners. Unlike Premier Partners and Authorized Partners,
Registered Partners are not required to maintain an ISS Certified
Engineer on their staffs. Registered Partners receive reseller-only
communications and may purchase products directly from us, including
through our online Web order system.

Marketing Programs

We conduct a number of marketing programs to support the sale and
distribution of our products. These programs are designed to inform existing and
potential end-user customers, OEMs and resellers about the capabilities and
benefits of our products. Marketing activities include:

- press relations and education;

- publication of technical and educational articles in industry journals
and our on-line magazine, ISS Alert;

- participation in industry tradeshows;

- product/technology conferences and seminars;

- competitive analysis;

- sales training;

- advertising and development and distribution of marketing literature; and

- maintenance of our Web site.

A key element of our marketing strategy is to establish our products and
information security methodology as the leading approach for enterprise-wide
security management. We have implemented a multi-faceted program to leverage the
use of our SAFEsuite product family and Managed Security Services to increase
their acceptance through relationships with various channel partners:

- Strategic Resellers. Although we have numerous resellers, certain of
these relationships have generated significant leverage for us in
targeted markets. Our strategic resellers, which include EDS, IBM,
Lucent, Siemens and Softbank, provide broad awareness of our brand
through enhanced marketing activity, access to large sales forces,
competitive control points and access to larger strategic customer
opportunities.

- Consultants. The use of our products by security consultants not only
generates revenue from the license sold to the consultant, but also
provides us with leads to potential end users with a concern for network
security. Consultants who have generated substantial leads for our sales
organization include Accenture, Arthur Andersen, Deloitte Touche Tohmatsu
International, Ernst & Young, IBM, KPMG, PricewaterhouseCoopers and SAIC
Global Integrity.

- OEMs. A number of vendors of security products, including Check Point,
Entrust, Lucent and Nortel, have signed OEM agreements with us. These
agreements enable OEMs to incorporate our products into their own product
offerings to enhance their security features and functionality. We
receive royalties from OEM vendors and increased acceptance of our
products under these arrangements, which, in turn, promote sales of our
other products to the OEM's customers.

We typically enter into written agreements with our strategic resellers,
consultants, managed service providers, Internet service providers and OEMs.
These agreements generally do not provide for firm dollar commitments from the
strategic parties, but are intended to establish the basis upon which the
parties will work together to achieve mutually beneficial objectives.

CUSTOMER SERVICE AND SUPPORT

We provide ongoing product support services under license agreements.
Maintenance contracts are typically sold to customers for a one-year term at the
time of the initial product license and may be renewed for additional periods.
Under our maintenance agreements with our customers, we provide, without
additional charge, telephone support, documentation and software updates and
error corrections. Customers that do not renew their maintenance agreements but
wish to obtain product updates and new version releases are generally required
to purchase such items from us at market prices. In general, major new product
releases come out annually, minor updates come out every four to six months and
new vulnerability and threat checks come out every two to four weeks. Customers
with current maintenance agreements may download product updates from our Web
site.

We believe that providing a high level of customer service and technical
support is necessary to achieve rapid product implementation, which, in turn, is
essential to customer satisfaction and continued license sales and revenue
growth. Accordingly, we are committed to continued recruiting and maintenance of
a high-quality technical support team. We provide telephone support to customers
who purchase maintenance agreements along with their product license. A team of
dedicated engineers trained to answer questions on the installation and usage of
the SAFEsuite products provides telephone support worldwide, 24 hours a day,
seven days a week (including holidays), from our corporate office in Atlanta. In
the United States and internationally, our resellers provide telephone support
to their customers with technical assistance from us. For our managed services
security solutions, customer support is available in several offerings up to 24
hours a day, seven days a week for customers electing this coverage. Support is
offered via phone, email or secure web form and includes access to an online
knowledge base as well as direct contact with qualified support personnel.

COMPETITION

The market for information security, including monitoring, detection and
response solutions and managed security services, is intensely competitive, and
we expect competition to increase in the future. We believe that
the principal competitive factors affecting the market for information security
include security effectiveness, manageability, technical features, performance,
ease of use, price, scope of product offerings, professional services
capabilities, distribution relationships and customer service and support.
Although we believe that our solutions generally compete favorably with respect
to such factors, we cannot guarantee that we will compete successfully against
current and potential competitors, especially those with greater financial
resources or brand name recognition.

PROPRIETARY RIGHTS AND TRADEMARK ISSUES

We rely primarily on copyright and trademark laws, trade secrets,
confidentiality procedures and contractual provisions to protect our proprietary
rights. We have obtained one United States patent and have a patent application
under review. We also believe that the technological and creative skills of our
personnel, new product developments, frequent product enhancements, our name
recognition, our professional services capabilities and delivery of reliable
product maintenance are essential to establishing and maintaining a technology
leadership position. We cannot assure you that our competitors will not
independently develop technologies that are similar to ours. We generally
license our SAFEsuite products to end users in object code (machine-readable)
format. Certain customers have required us to maintain a source-code escrow
account with a third-party software escrow agent, and a failure by us to perform
our obligations under any of the related license and maintenance agreements, or
our insolvency, could result in the release of our product source code to such
customers. The standard form license agreement for our software products allows
the end user to use our SAFEsuite products solely on the end user's computer
equipment for the end user's internal purposes, and the end user is generally
prohibited from sublicensing or transferring the products.

Despite our efforts to protect our proprietary rights, unauthorized parties
may attempt to copy aspects of our products or to obtain and use information
that we regard as proprietary. Policing unauthorized use of our products is
difficult. While we cannot determine the extent to which piracy of our software
products occurs, we expect software piracy to become a persistent problem. In
addition, the laws of some foreign countries do not protect our proprietary
rights to as great an extent as do the laws of the United States and many
foreign countries do not enforce these laws as diligently as U.S. government
agencies and private parties.

Internet Security Systems, Internet Scanner, System Scanner, Database
Scanner, Online Scanner, RealSecure, ADDME, X-Force, X-Press Updates,
ActiveAlert, FlexCheck, SecureLogic, SecurePartner, and SecureU are trademarks
and service marks, and SAFEsuite is a registered trademark, of Internet Security
Systems, Inc. Other trademarks and trade names mentioned are marks and names of
their owners as indicated.

EMPLOYEES

As of December 31, 2000, we had 1,183 employees, of whom 306 were engaged
in product research and development, 328 were engaged in sales, 152 were engaged
in customer service and support, 222 were engaged in professional services, 53
were engaged in marketing and business development and 122 were engaged in
administrative functions. We believe that we have good relations with our
employees.

ITEM 2. PROPERTIES

In November 1999 we signed an eleven and one-half year lease for a new
Atlanta headquarters and research and development facility. This new facility
consists of approximately 240,000 square feet that we began occupying in varying
phases beginning in November 2000. Annual minimum payments under the lease
increase as occupied space increases, with total minimum payments due under the
lease of approximately $64 million over the lease term.

We lease additional office space in Chicago, Illinois; Sunnyvale,
California; Southfield, Michigan; Denver, Colorado; New York City, New York; San
Francisco, California; and Washington, D.C., as well as small executive suites
in several United States cities. In addition, we lease office space in Brussels,
Belgium; London and Reading, England; Paris, France; Stuttgart, Germany; Warsaw,
Poland; Stockholm and Helsingborg, Sweden; Milan and Padova, Italy; Madrid,
Spain; The Netherlands; Sydney, Australia; Manila, Philippines; and Tokyo,
Japan.

We believe that our existing facilities and our upcoming new headquarters
are adequate for our current needs and that additional space will be available
as needed.

ITEM 3. LEGAL PROCEEDINGS

From time to time we are involved in litigation relating to claims arising
in the ordinary course of business. We are not presently involved in any
material legal proceedings.

ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS

No matter was submitted to a vote of our shareholders during the fourth
quarter of 2000.

PART II

ITEM 5. MARKET FOR REGISTRANT'S COMMON EQUITY AND RELATED STOCKHOLDER MATTERS

Our Common Stock is quoted on the Nasdaq National Market under the symbol
"ISSX". The following table lists the high and low per share sales prices for
the Common Stock as reported by the Nasdaq National Market for the periods
indicated (prices have been adjusted for the 2-for-1 stock split in May 1999):



2000:               HIGH       LOW
-----            -------    ------
First Quarter    $141.00    $46.25
Second Quarter    116.00     58.00
Third Quarter     108.75     51.13
Fourth Quarter    102.94     58.81

1999:               HIGH       LOW
-----            -------    ------
First Quarter     $46.25    $22.19
Second Quarter     45.00     20.13
Third Quarter      40.63     20.00
Fourth Quarter     71.13     26.25


As of March 22, 2001, there were 42,924,774 shares of our Common Stock
outstanding held by 302 stockholders of record.

We have not declared or paid cash dividends on our capital stock during the
last two years. We currently intend to retain any earnings for use in our
business and do not anticipate paying any cash dividends in the foreseeable
future. Our Board of Directors will determine future dividends, if any.

During 1998, we issued 277,500 shares of our Common Stock to employees and
a director pursuant to exercises of stock options, with exercise prices ranging
from $0.075 to $3.50 per share, principally under the Company's Restated 1995
Stock Incentive Plan which were deemed exempt from registration under Section 5
of the Securities Act of 1933 in reliance upon Rule 701 thereunder. The
recipients of securities in each such transaction represented their intentions
to acquire the securities for investment only and not with a view to, or for
sale in connection with, any distribution thereof and appropriate legends were
affixed to the share certificates issued in each such transaction.

We issued 2,444,174 shares of our Common Stock as consideration for all the
issued and outstanding stock of Netrex, Inc. on August 31, 1999. We also issued
141,479 shares of our Common Stock in September 1999 as consideration for all
the issued and outstanding stock of NJH Security Consulting, acquired by us in
September 1999. As part of the terms of these acquisitions, we filed a shelf
registration statement in October 1999 on Form S-3 covering 723,987 shares
issued in connection with the acquisitions of Netrex and NJH.

In August 2000, we issued 29,100 shares of our Common Stock as
consideration for all of the issued and outstanding stock of privately held ISYI
of Padova, Italy. These shares were issued in a transaction exempt from
registration under the Securities Act of 1933.

ITEM 6. SELECTED CONSOLIDATED FINANCIAL DATA

The financial data set forth below for each of the three years in the
period ended December 31, 2000, and as of December 31, 1999 and 2000 has been
derived from the audited consolidated financial statements appearing elsewhere
in this Annual Report on Form 10-K. The financial data for the years ended
December 31, 1996 and 1997, and as of December 31, 1996, 1997 and 1998, has been
derived from audited financial statements not included herein.



YEAR ENDED DECEMBER 31,
-------------------------------------------------
1996 1997 1998 1999 2000
------- ------- ------- -------- --------
(AMOUNTS IN THOUSANDS, EXCEPT PER SHARE AMOUNTS)

CONSOLIDATED STATEMENT OF OPERATIONS DATA:
Revenues:
Product licenses and sales............................. $ 6,503 $16,074 $36,908 $ 74,050 $119,703
Subscriptions.......................................... 1,077 4,488 12,037 24,141 41,706
Professional services.................................. 1,945 4,863 8,143 18,296 33,566
------- ------- ------- -------- --------
9,525 25,425 57,088 116,487 194,975
Costs and expenses:
Cost of revenues....................................... 2,948 7,275 19,951 37,700 59,424
Research and development............................... 1,225 3,855 9,655 20,412 31,316
Sales and marketing.................................... 4,549 14,096 25,998 43,124 68,032
General and administrative............................. 1,704 3,668 6,557 9,230 14,481
Amortization........................................... -- -- 230 992 1,153
Charges for in-process research and development........ -- -- 802 -- --
Merger costs........................................... -- -- -- 2,329 --
------- ------- ------- -------- --------
10,426 28,894 63,193 113,787 174,406
------- ------- ------- -------- --------
Operating income (loss).................................. (901) (3,469) (6,105) 2,700 20,569
Interest income, net..................................... 28 163 2,274 5,902 8,415
Foreign currency exchange loss........................... -- -- -- (136) (331)
------- ------- ------- -------- --------
Income (loss) before income taxes........................ (873) (3,306) (3,831) 8,466 28,653
Provision for income taxes............................... -- -- 62 976 10,338
------- ------- ------- -------- --------
Net income (loss)........................................ $ (873) $(3,306) $(3,893) $ 7,490 $ 18,315
======= ======= ======= ======== ========
Basic net income (loss) per share(1)..................... $ (0.05) $ (0.18) $ (0.12) $ 0.19 $ 0.44
======= ======= ======= ======== ========
Diluted net income (loss) per share(1)................... $ (0.05) $ (0.18) $ (0.12) $ 0.17 $ 0.41
======= ======= ======= ======== ========
Weighted average shares:(2)..............................
Basic.................................................. 18,276 18,399 32,351 39,996 41,892
======= ======= ======= ======== ========
Diluted................................................ 18,276 18,399 32,351 43,691 45,099
======= ======= ======= ======== ========
Unaudited pro forma net loss per share(1)................ $ (0.11) $ (0.11)
======= =======
Unaudited weighted average shares used in unaudited pro
forma net loss per share calculation(1)................ 29,873 34,963
======= =======




DECEMBER 31,
-------------------------------------------------
1996 1997 1998 1999 2000
------- ------- ------- -------- --------
(IN THOUSANDS)

CONSOLIDATED BALANCE SHEET DATA:
Cash and cash equivalents................................ $ 2,051 $ 4,174 $53,056 $ 70,090 $ 66,210
Working capital.......................................... 2,403 1,523 53,157 127,135 145,133
Total assets............................................. 5,931 13,816 84,724 184,845 240,240
Redeemable, convertible preferred stock.................. 3,614 8,878 -- -- --
Stockholders' equity (deficit)........................... (620) 4,468 66,505 155,153 188,389


---------------

(1) Computed on the basis described in Note 1 of Notes to Consolidated Financial
Statements.
(2) See Note 10 of Notes to Consolidated Financial Statements for the
determination of shares used in computing basic and diluted net income per
share.


ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS
OF OPERATIONS

The following discussion should be read in conjunction with the
Consolidated Financial Statements and related Notes thereto included elsewhere
in this document. Except for the historical financial information, the matters
discussed in this document may be considered "forward-looking" statements. Such
statements include declarations regarding our intent, belief or current
expectations. Such forward-looking statements are not guarantees of future
performance and involve a number of risks and uncertainties. Actual results may
differ materially from those indicated by such forward-looking statements as a
result of certain factors, including, but not limited to, those set forth under
the "Risk Factors" heading below.

OVERVIEW

We are a leading global provider of security management solutions for
protecting digital business assets. Our continuous lifecycle approach to
information security protects distributed computing environments, such as
internal corporate networks, inter-company networks and electronic commerce
environments, from attacks, misuse and security policy violations, while
ensuring the confidentiality, privacy, integrity and availability of proprietary
information. We deliver an end-to-end security management solution through our
SAFEsuite security management platform coupled with around-the-clock remote
security monitoring through our managed services offerings. Our SAFEsuite family
of products is a critical element of an active Internet and networking security
program within today's world of global connectivity, enabling organizations to
proactively monitor, detect and respond to risks to enterprise information. Our
managed services offerings currently provide remote management of the industry's
best-of-breed security technology including firewalls, VPNs, anti-virus and URL
filtering software, security assessment and intrusion detection systems. We
focus on serving as the trusted security provider to our customers by
maintaining within our existing products the latest counter-measures to security
risks, creating new innovative products based on our customers' needs and
providing professional and managed services.

We generate a majority of our revenues from our SAFEsuite family of
products in the form of perpetual licenses and subscriptions, and sales of
best-of-breed technology products developed by our partners. We recognize
perpetual license revenues from ISS developed products upon delivery of software
or, if the customer has evaluation software, delivery of the software key and
issuance of the related license, assuming that no significant vendor obligations
or customer acceptance rights exist. Where payment terms are extended over
periods greater than 12 months, revenue is recognized as such amounts are
billable. Product sales consist of (i) appliances sold in conjunction with ISS
licensed software and (ii) software developed by third-party partners, combined
in some instances with associated hardware appliances and partner maintenance
services. These sales are recognized upon shipment to the customer.

Annual renewable maintenance is a separate component of each perpetual
license agreement for ISS products with revenue recognized ratably over the
maintenance term. Subscription revenues include maintenance, term licenses, and
managed service arrangements. Term licenses allow customers to use our products
and receive maintenance coverage for a specified period, generally 12 months. We
recognize revenues from these term agreements ratably over the subscription
term. Security monitoring services of information assets and systems are part of
managed services and are recognized as such services are provided. Professional
services revenues include consulting services and training. Consulting services,
typically billed on a time-and-materials basis, assist in the successful
deployment of our products within customer networks, the development of
customers' security policies and the assessment of security policy decisions. We
recognize such professional services revenues as the related services are
rendered.

We believe that our total solutions approach will grow all of our revenue
categories. This includes our products and managed services offerings, as well
as maintenance and professional services and training. While we expect the
expansion of these product and service offerings to originate primarily from
internal development, our strategy includes acquiring products, technologies and
service capabilities that fit within our strategy and that potentially
accelerate the timing of the commercial introduction of such products and
technologies. Over the last 24 months, we have made four different acquisitions,
each of which included such products, technologies or service capabilities.


Two of these acquisitions, ISYI and Seguranca Ativa de Redes Internet e
Sistemas Ltda ("SARIS") were completed in the third quarter of 2000. ISYI is a
leader in advanced network security monitoring services in the Italian market
and an early provider of remote security monitoring services. The ISYI
transaction has been accounted for using the pooling-of-interests method;
however, this transaction was not material to ISS's consolidated operations and
financial position and, therefore, our operating results have not been restated
for this transaction. Our operating results include the results of operations of
ISYI since the date of acquisition. SARIS was formed in 1999 in order to create
and implement a security methodology for the Brazilian market. This transaction
has been accounted for using the purchase method of accounting and accordingly
our operating results include the results of operations of SARIS since the date
of acquisition.

The acquisitions of Netrex, Inc. and NJH Security Consulting were
completed in the third quarter of 1999. Founded in 1992 with a current services
customer base of more than 500 customers, Netrex was a leading provider of
remote security monitoring services of digital assets. NJH Security Consulting
includes a technology foundation to provide an outsourced solution for the
automatic detection and management of customers' security risks using ISS
software solutions. This technology is being incorporated into our managed
security service offerings. These transactions were accounted for using the
pooling-of-interests method of accounting. Our consolidated financial statements
have been restated for all periods presented to include the results of Netrex.

Our business has been growing rapidly. Although we continue to experience
significant revenue growth, we cannot assure our stockholders that such growth
can be sustained and, therefore, investors should not rely on our past growth as
a predictor of future performance. We expect to continue to expand our domestic
and international sales and marketing operations, increase our investment in
product development including our proprietary threat and vulnerability database
and managed services capabilities, seek acquisition candidates that will enhance
our products and market share, and improve our internal operating and financial
infrastructure in support of our strategic goals and objectives. All of these
initiatives will increase operating expenses. Thus, our prospects must be
considered in light of the risks and difficulties frequently encountered by
companies in new and rapidly evolving markets. As a result, while we achieved
profitability throughout 1999 and in 2000, we cannot be certain that we can
sustain such profitability.

RESULTS OF OPERATIONS

The following table sets forth our consolidated historical operating
information, as a percentage of total revenues, for the periods indicated:



YEAR ENDED DECEMBER 31,
-----------------------
1998 1999 2000
----- ----- -----

Consolidated Statement of Operations Data:
Product licenses and sales.............................. 64.6% 63.6% 61.4%
Subscriptions........................................... 21.1 20.7 21.4
Professional services................................... 14.3 15.7 17.2
----- ----- -----
Total revenues.................................. 100.0 100.0 100.0
----- ----- -----
Cost of revenues.......................................... 34.9 32.4 30.5
Research and development.................................. 16.9 17.5 16.1
Sales and marketing....................................... 45.6 37.0 34.9
General and administrative................................ 11.5 7.9 7.4
Amortization.............................................. 0.4 0.9 0.6
Charge for in-process research and development............ 1.4 -- --
Merger costs.............................................. -- 2.0 --
----- ----- -----
Total costs and expenses........................ 110.7 97.7 89.5
----- ----- -----
Operating income (loss)................................... (10.7) 2.3 10.5
===== ===== =====



REVENUES

Our total revenues increased from $57.1 million in 1998 to $116.5 million
in 1999 and to $195 million in 2000. Historically we have generated most of our
revenues from product licenses and sales, which represented 65% in 1998, 64% in
1999 and 61% in 2000. Revenues from product licenses and sales increased from
$36.9 million in 1998 to $74.1 million in 1999 and to $119.7 million in 2000.
Product sales are generated both through a direct sales force and through
channel partners. When our partners generate sales, revenues are recognized when
the end user sale has occurred, which is identified through electronic delivery
of a software key that is necessary to operate the product.

We continue to add functionality to our SAFEsuite product family, including
our vulnerability assessment and intrusion detection products providing both
network and host based solutions and our security management applications. In
addition, in the second half of 2000, we introduced Nokia RealSecure, an
integrated offering of ISS intrusion detection software on a Nokia hardware
appliance. These improvements and new offerings provide our customers with more
powerful and easier-to-use solutions for security management across the
enterprise. In addition to sales of our proprietary software, product licenses
and sales include the sales of partner products as a part of our total solution
approach whereby we provision such products to provide a single solution source
for our customers.

Subscriptions revenue grew from $12.0 million in 1998 to $24.1 million in
1999 and to $41.7 million in 2000, representing 21% of total revenues in these
periods. Subscription revenues consist of maintenance, term licenses of product
usage and security monitoring fees for managed services offerings.

Professional services revenue increased from $8.1 million in 1998 to $18.3
million in 1999 and to $33.6 million in 2000, increasing from 14% of total
revenues in 1998 to 16% in 1999 and to 17% in 2000. We continue to build our
service capabilities to address the demand from our customers for security
consulting and implementation services and for expanded training offerings.

Geographically, we derived the majority of our revenues from sales to
customers within the Americas region; however, international operations
continued to be a significant contributor to revenues and a growing percentage
of the business. In the aggregate, the Europe and Asia/Pacific Rim regions
represented the following percentages of total revenues:



1998 1999 2000
---- ---- ----

Europe...................................................... 9% 11% 13%
Asia/Pacific Rim............................................ 3% 5% 8%


No customer represented more than 10% of our total revenues in any of these
periods.

COSTS AND EXPENSES

Cost of revenues

Cost of revenues consists of several components. Substantially all of the
cost of product licenses and sales represents payments to partners for their
products that we integrate with our products or provision to our customers in
providing a single solution source. Costs associated with licensing our products
are minor. Costs of product revenues as a percentage of total revenues decreased
from 16% in 1998 and 1999 to 12% in 2000, as sales of partner software and
hardware appliances represented a lower percentage of total revenues. This was a
conscious effort to focus sales of partner products in 2000 to situations
where the ISS solution methodology was being employed, involving professional
services or monitoring services. In 1998 and 1999, results included sales by
Netrex prior to being acquired in 1999 using the pooling-of-interests method of
accounting; Netrex also emphasized sales without associated service offerings.

Cost of subscription and services includes the cost of our technical
support personnel who provide assistance to customers under maintenance
agreements, the operations center costs of providing managed security monitoring
services and the costs related to professional services and training. These
costs represented 19% in 1998, 16% in 1999 and 19% in 2000 of total revenues.
The decline in the percentage from 1998 to 1999 was the result of an increase in
the utilization of our professional services staff. In 2000, the percentage
increased as we made a significant commitment to our managed security offerings
in terms of automated systems, number of managed security operations centers and
personnel resources. We also committed resources to continue to build
professional services capabilities and more automated technical support
programs.

Research and development

Research and development expenses consist of salary and related costs of
research and development personnel, including costs for employee benefits, and
depreciation on computer equipment. These costs include those associated with
maintaining and expanding the "X-Force," our internal team of security experts
dedicated to understanding, documenting and coding new vulnerability checks,
real-time threats and attack signatures and developing solutions to address
global security issues. We continue to increase these expenditures, as we
perceive primary research and product development and managed service offerings
as essential ingredients for retaining our leadership position in the market. We
also increased the number of our development personnel focused on our
best-of-breed products, enterprise applications, managed services offerings and
research for future product offerings. Accordingly, research and development
expenses increased in absolute dollars from $9.7 million in 1998 to $20.4
million in 1999, and to $31.3 million in 2000. These costs represented 17% of
total revenues in 1998, 18% in 1999 and 16% in 2000. We will continue to seek
more leverage in the research and development area while continuing to invest in
the enhancement of current technologies and the development of new technologies.

We have reflected a charge of $802,000 in our 1998 statement of operations
for identified in-process research and development in connection with our
October 1998 acquisitions of two companies engaged in Windows NT, Unix and
database security assessment technologies. The charge was based on a valuation
of products under development using estimated future cash flows, reduced for the
core technology component of such products and the percentage of product
development remaining at the time of acquisition.

Sales and marketing

Sales and marketing expenses consist primarily of salaries, travel
expenses, commissions, advertising, maintenance of our Website, trade show
expenses, costs of recruiting sales and marketing personnel and costs of
marketing materials. Sales and marketing expenses were $26.0 million in 1998,
$43.1 million in 1999, and $68.0 million in 2000. Sales and marketing expenses
increased in total dollars during these periods primarily from our larger
workforce, which has increased each quarter, both domestically and
internationally. Sales and marketing expenses have decreased as a percentage of
total revenues from 46% in 1998 to 37% in 1999, and to 35% in 2000. The decrease
in sales and marketing expenses as a percentage of total revenues is due to
greater levels of productivity achieved by our sales force. We believe that
sales force productivity has benefited from the experience gained by sales
personnel in selling our broadening enterprise offering of products and services
as well as the heightened interest of the marketplace in such offerings. We
expect to continue to create leverage in our sales and marketing efforts through
better market segmentation, by focusing our direct sales force, and by expanding
the channel as a source of our product sales.

General and administrative

General and administrative expenses of $6.6 million in 1998, $9.2 million
in 1999 and $14.5 million in 2000, represented approximately 12% in 1998, 8% in
1999, and 7% in 2000 of our total revenues. General and administrative expenses
consist of personnel-related costs for executive, administrative, finance and
human resources, information systems and other support services costs and legal,
accounting and other professional service fees. The increase in these expenses
in absolute dollars is attributable to our efforts, through additional employees
and systems, to enhance our management's ability to obtain and analyze
information about our domestic and international operations, as well as the
expansion of our facilities. In November 2000, we began occupying our new
corporate headquarters in Atlanta, incurring expenses associated with the move.
Additional costs will be incurred related to this move in 2001 as the
construction process is completed and the balance of our Atlanta personnel is
relocated to the new facility.

Merger costs of $2.3 million in 1999 represented the direct out-of-pocket
costs incurred in connection with two acquisitions. These costs were principally
investment advisor, legal and accounting fees. We also
incurred amortization expense of $230,000 in 1998, $992,000 in 1999, and $1.2
million in 2000 related to goodwill and intangible assets resulting from
acquisitions.

Interest income and foreign currency exchange loss

Net interest income increased from $2.3 million in 1998 to $5.9 million in
1999, and to $8.4 million in 2000 primarily due to increased amounts of cash
invested in interest-bearing securities. This increase in cash primarily
resulted from the sale of equity securities. The exchange loss of $136,000 in
1999 and $331,000 in 2000 is a result of fluctuations in currency exchange rates
between the U.S. Dollar and other currencies, primarily the Euro and, to a
lesser degree, the Japanese Yen.

Income taxes

We recorded a provision for income taxes of $62,000 in 1998, $976,000 in
1999, and $10.3 million in 2000. These provisions included taxes for Japanese
and European operations and the results of Netrex following our August 1999
merger. Prior to the merger, Netrex profits were taxed at the shareholder level.

In 1999, we utilized loss carryforwards to offset tax expense that would
otherwise be recorded on profits from certain operations for 1999. As of
December 31, 1999 substantially all loss carryforwards that would reduce future
income tax expense related to United States operations had been utilized. While
income tax expense was recorded on domestic income in 2000, taxes payable were
reduced by deductions related to the employee exercise of stock options. The tax
benefit for the use of these stock option deductions was recorded as additional
paid-in capital. As of December 31, 2000 we had a net operating loss
carryforward of approximately $78 million related to stock option deductions.
The tax benefit for this carryforward will be recorded as additional
paid-in-capital as realized. We also have approximately $2.4 million of research
and development tax credit carryforwards which expire between 2011 and 2020.

Quarterly Results of Operations

The following table sets forth certain unaudited consolidated quarterly
statement of operations data for the eight quarters ended December 31, 2000, as
well as such data expressed as a percentage of our total revenues for the
periods indicated. This data has been derived from unaudited consolidated
financial statements that, in our opinion, include all adjustments (consisting
only of normal recurring adjustments) necessary for a fair presentation of such
information when read in conjunction with our consolidated financial statements
and related notes appearing elsewhere in this document. As a result of our
limited operating history and the risks associated with the new and rapidly
evolving market that we serve, the operating results for any quarter below are
not necessarily indicative of results for any future period.



1999 2000
---------------------------------------- ----------------------------------------
MAR. JUN. SEPT. DEC. MAR. JUN. SEPT. DEC.
31 30 30 31 31 30 30 31
------- ------- ------- ------- ------- ------- ------- -------
(AMOUNTS IN THOUSANDS)

CONSOLIDATED STATEMENT OF
OPERATIONS DATA:
Revenues:
Product and license sales..... $14,458 $17,606 $19,200 $22,786 $24,778 $26,331 $31,770 $36,824
Subscriptions................. 4,883 5,497 6,202 7,559 8,089 9,537 10,938 13,142
Professional services......... 3,634 4,176 4,599 5,887 6,424 8,349 9,079 9,714
------- ------- ------- ------- ------- ------- ------- -------
22,975 27,279 30,001 36,232 39,291 44,217 51,787 59,680
Costs and expenses:
Cost of revenues.............. 6,518 9,206 9,856 12,120 11,988 13,039 16,409 17,988
Research and development...... 4,062 4,785 5,315 6,250 6,802 7,566 8,449 8,499
Sales and marketing........... 9,437 10,161 10,991 12,535 14,284 15,658 17,406 20,684
General and administrative.... 2,311 2,140 2,105 2,674 2,884 3,491 3,429 4,677
Amortization.................. 251 248 247 246 248 248 289 368
Merger costs.................. -- -- 2,329 -- -- -- -- --
------- ------- ------- ------- ------- ------- ------- -------
Total costs and
expenses.............. 22,579 26,540 30,843 33,825 36,206 40,002 45,982 52,216
Operating income (loss)......... 396 739 (842) 2,407 3,085 4,215 5,805 7,464
Interest income, net............ 861 1,513 1,640 1,888 1,868 2,070 2,253 2,224
Foreign currency exchange gain
(loss)........................ -- -- -- (136) (126) 95 (463) 163
------- ------- ------- ------- ------- ------- ------- -------
Income (loss) before taxes...... 1,257 2,252 798 4,159 4,827 6,380 7,595 9,851
Provision for income taxes...... 81 125 105 665 1,757 2,299 2,740 3,542
------- ------- ------- ------- ------- ------- ------- -------
Net income...................... $ 1,176 $ 2,127 $ 693 $ 3,494 $ 3,070 $ 4,081 $ 4,855 $ 6,309
======= ======= ======= ======= ======= ======= ======= =======
AS A PERCENTAGE OF TOTAL
REVENUES:
Revenues:
Product and license sales..... 62.9% 64.5% 64.0% 62.9% 63.1% 59.5% 61.4% 61.7%
Subscriptions................. 21.3% 20.2% 20.7% 20.9% 20.6% 21.6% 21.1% 22.0%
Professional services......... 15.8% 15.3% 15.3% 16.2% 16.3% 18.9% 17.5% 16.3%
------- ------- ------- ------- ------- ------- ------- -------
100% 100% 100% 100% 100% 100% 100% 100%
Costs and expenses:
Cost of revenues.............. 28.4% 33.8% 32.9% 33.5% 30.5% 29.5% 31.7% 30.1%
Research and development...... 17.7% 17.6% 17.7% 17.2% 17.3% 17.1% 16.3% 14.2%
Sales and marketing........... 41.1% 37.2% 36.6% 34.6% 36.4% 35.4% 33.6% 34.8%
General and administrative.... 10.0% 7.8% 7.0% 7.4% 7.3% 7.9% 6.6% 7.8%
Amortization.................. 1.1% 0.9% 0.8% 0.7% 0.6% 0.6% 0.6% 0.6%
Merger costs.................. --% --% 7.8% --% --% --% --% --%
------- ------- ------- ------- ------- ------- ------- -------
Total costs and
expenses.............. 98.3% 97.3% 102.8% 93.4% 92.1% 90.5% 88.8% 87.5%
Operating income (loss)......... 1.7% 2.7% (2.8)% 6.6% 7.9% 9.5% 11.2% 12.5%
======= ======= ======= ======= ======= ======= ======= =======


LIQUIDITY AND CAPITAL RESOURCES

In 2000 we met our working capital needs and capital equipment needs with
cash provided by operations. Cash provided by operations in 2000 totaled $20.5
million, resulting primarily from net income of $18.3 million, non-cash
depreciation and amortization expense of $7.5 million, income tax benefit from
employee exercises of stock options of $8.4 million, and the growth of deferred
revenues of $14.5 million. The increase in accounts receivable of $28.7 million,
associated with our growth, accounted for the primary use of our cash.

Our investing activities of $29.7 million in 2000 included the purchase of
$141.1 million of marketable securities, primarily interest-bearing government
obligations and commercial paper, offset by net proceeds from the maturity of
marketable securities of $132.9 million in 2000. We also invested in equipment
totaling $20.3 million as we provided existing and new personnel with the
computer hardware and software environment necessary to perform their job
functions and incurred leasehold improvement costs for our new headquarters. We
expect a similar level of equipment investment in 2001, assuming continued
growth in our number of employees, which includes additional leasehold
improvements for the new headquarters that are being completed and occupied in
phases over the course of 2001.

Our financing activities provided $6.1 million of cash in 2000, which
consisted primarily of proceeds of $5.5 million from the exercise of stock
options by our employees and $1.6 million of proceeds from the issuance of
common stock through our Employee Stock Purchase Plan.

At December 31, 2000, we had $132.1 million of cash and cash equivalents
and marketable securities, consisting primarily of money market accounts and
commercial paper carrying the highest investment grade rating. We believe that
such cash and cash equivalents and marketable securities will be sufficient to
meet our working capital needs and capital expenditures for the foreseeable
future. From time to time we evaluate possible acquisition and investment
opportunities in businesses, products or technologies that are complementary to
ours. In the event we determine to pursue such opportunities, we may use our
available cash and cash equivalents. Pending such uses, we will continue to
invest our available cash in investment grade, interest-bearing investments.

Additionally, we have restricted marketable securities of $12.5 million
securing a $10 million letter of credit issued in connection with our commitment
to a long-term lease of our future Atlanta corporate operations.


RISK FACTORS

Forward-looking statements are inherently uncertain as they are based on
various expectations and assumptions concerning future events and are subject to
known and unknown risks and uncertainties. Our forward-looking statements should
be considered in light of the following important risk factors. Variations from
our stated intentions or failure to achieve objectives could cause actual
results to differ from those projected in our forward-looking statements. We
undertake no obligation to update publicly any forward-looking statements for
any reason, even if new information becomes available or other events occur in
the future.

We Have Only Recently Achieved Profitability

We began operations in 1994 and achieved profitability in 1999. We operate
in a new and rapidly evolving market and must, among other things:

- respond to competitive developments;

- continue to upgrade and expand our product and services offerings; and

- continue to attract, retain and motivate our employees.

We cannot be certain that we will successfully address these risks. As a
result, we cannot assure our investors that we will be able to continue to
operate profitably in the future.

Our Future Operating Results Will Likely Fluctuate Significantly

As a result of our limited operating history, we cannot predict our future
revenues and operating results. However, we do expect our future revenues and
operating results to fluctuate due to a combination of factors, including:

- the growth in the acceptance of, and activity on, the Internet and the
World Wide Web, particularly by corporate, institutional and government
users;

- the extent to which the public perceives that unauthorized access to and
use of online information are threats to network security;

- the volume and timing of orders, including seasonal trends in customer
purchasing;

- our ability to develop new and enhanced product and managed service
offerings and expand our professional services capabilities;

- our ability to provide scalable managed services offerings through our
partners in a cost effective manner;

- foreign currency exchange rates that affect our international operations;

- product and price competition in our markets; and

- general economic conditions, both domestically and in our foreign
markets.

We increasingly focus our efforts on sales of enterprise-wide security
solutions, which consist of our entire product suite and related professional
services, and managed security services, rather than on the sale of component
products. As a result, each sale may require additional time and effort from our
sales and support staff. In addition, the revenues associated with particular
sales vary significantly depending on the number of products licensed by a
customer, the number of devices used by the customer and the customer's relative
need for our professional services. Large individual sales, or even small delays
in customer orders, can cause significant variation in our license revenues and
results of operations for a particular period. The timing of large orders is
usually difficult to predict and, like many software and services companies,
many of our customers typically complete transactions in the last month of a
quarter.

We cannot predict our operating expenses based on our past results.
Instead, we establish our spending levels based in large part on our expected
future revenues. As a result, if our actual revenues in any future period fall
below our expectations, our operating results likely will be adversely affected
because very few of
our expenses vary with our revenues. Because of the factors listed above, we
believe that our quarterly and annual revenues, expenses and operating results
likely will vary significantly in the future.

Our ability to provide timely guidance and meet the expectations of
investors, industry analysts and brokerage firms with respect to our operating
and financial results is impacted by the tendency of a majority of our sales to
be completed in the last month of a quarter. We may not be able to determine
whether we will experience material deviations from guidance or expectations
until the end of a quarter.

We Must Attract and Retain Personnel While Competition for Personnel in Our
Industry is Intense

Competition in recruiting personnel in the software, network consulting and
managed services industries is intense. We believe our future success will
depend in part on our ability to recruit and retain highly skilled engineering,
technical, consulting, marketing, sales and management personnel. To accomplish
this, we believe we must provide competitive compensation, including stock
options that may require additional stockholder approval for increased
availability. Without sufficient available stock options, our ability to attract
and retain personnel may be impaired.

We Face Intense Competition in Our Market

The market for network security monitoring, detection and response
solutions is intensely competitive, and we expect competition to increase in the
future. We cannot guarantee that we will compete successfully against our
current or potential competitors, especially those with significantly greater
financial resources or brand name recognition. Our chief competitors generally
fall within one of five categories:

- internal information technology departments of our customers and the
consulting firms that assist them in formulating security systems;

- relatively smaller software companies offering relatively limited
applications for network and Internet security;

- large companies, including Symantec Corp., Cisco Systems, Inc., Network
Associates, Inc. and Bindview Development Corp., that sell competitive
products and offerings, as well as other large software companies that
have the technical capability and resources to develop competitive
products;

- software or hardware companies like Cisco Systems, Inc. that could
integrate features that are similar to our products into their own
products; and

- small and large companies with competitive offerings to components of our
managed services offerings.

Mergers or consolidations among these competitors, or acquisitions of small
competitors by larger companies, would make such combined entities more
formidable competitors to us. Large companies may have advantages over us
because of their longer operating histories, greater name recognition, larger
customer bases or greater financial, technical and marketing resources. As a
result, they may be able to adapt more quickly to new or emerging technologies
and changes in customer requirements. They can also devote greater resources to
the promotion and sale of their products than we can. In addition, these
companies have reduced, and could continue to reduce, the price of their security
monitoring, detection and response products and managed security services, which
increases pricing pressures within our market.

Several companies currently sell software products (such as encryption,
firewall, operating system security and virus detection software) that our
customers and potential customers have broadly adopted. Some of these companies
sell products that perform the same functions as some of our products. In
addition, the vendors of operating system software or networking hardware may
enhance their products to include the same kinds of functions that our products
currently provide. The widespread inclusion of comparable features to our
software in operating system software or networking hardware could render our
products obsolete, particularly if such features are of a high quality. Even if
security functions integrated into operating system software or networking
hardware are more limited than those of our software, a significant number of
customers may accept more limited functionality to avoid purchasing additional
software.

For the above reasons, we may not be able to compete successfully against
our current and future competitors. Increased competition may result in price
reductions, reduced gross margins and loss of market share.

We Face Rapid Technological Change in Our Industry and Frequent Introductions
of New Products

Rapid changes in technology pose significant risks to us. We do not control
nor can we influence the forces behind these changes, which include:

- the extent to which businesses and others seek to establish more secure
networks;

- the extent to which hackers and others seek to compromise secure systems;

- evolving computer hardware and software standards;

- changing customer requirements; and

- frequent introductions of new products and product enhancements.

To remain successful, we must continue to change, adapt and improve our
products in response to these and other changes in technology. Our future
success hinges on our ability to both continue to enhance our current line of
products and professional services and to introduce new products and services
that address and respond to innovations in computer hacking, computer technology
and customer requirements. We cannot be sure that we will successfully develop
and market new products that do this. Any failure by us to timely develop and
introduce new products, to enhance our current products or to expand our
professional services capabilities in response to these changes could adversely
affect our business, operating results and financial condition.

Our products involve very complex technology, and as a consequence, major
new products and product enhancements require a long time to develop and test
before going to market. Because this amount of time is difficult to estimate, we
have had to delay the scheduled introduction of new and enhanced products in the
past and may have to delay the introduction of new products and product
enhancements in the future.

The techniques computer hackers use to gain unauthorized access to, or to
sabotage, networks and intranets are constantly evolving and increasingly
sophisticated. Furthermore, because new hacking techniques are usually not
recognized until used against one or more targets, we are unable to anticipate
most new hacking techniques. To the extent that new hacking techniques harm our
customers' computer systems or businesses, affected customers may believe that
our products are ineffective, which may cause them or prospective customers to
reduce or avoid purchases of our products.

Risks Associated with Our Global Operations

The expansion of our international operations includes our presence in
dispersed locations throughout the world, including throughout Europe and the
Asia/Pacific and Latin America regions. Our international presence and expansion
expose us to risks not present in our U.S. operations, such as:

- the difficulty in managing an organization spread over various countries
located across the world;

- unexpected changes in regulatory requirements in countries where we do
business;

- excess taxation due to overlapping tax structures;

- fluctuations in foreign currency exchange rates; and

- export license requirements and restrictions on the export of certain
technology, especially encryption technology, and trade restrictions.

Despite these risks, we believe that we must continue to expand our
operations in international markets to support our growth. To this end, we
intend to establish additional foreign sales operations, expand our existing
offices, hire additional personnel, expand our international sales channels and
customize our products for local markets. If we fail to execute this strategy,
our international sales growth will be limited.

Our Networks, Products and Services May be Targeted by Hackers

Like other companies, our websites, networks, information systems, products
and services may be targets for sabotage, disruption or misappropriation by
hackers. As a leading network security solutions company, we are a high profile
target. Although we believe we have sufficient controls in place to prevent
disruption and misappropriation, and to respond to situations, we expect these
efforts by hackers to continue. If these efforts are successful, our operations,
reputation and sales could be adversely affected.

We Must Successfully Integrate Acquisitions

As part of our growth strategy, we have and may continue to acquire or make
investments in companies with products, technologies or professional services
capabilities complementary to our solutions. When engaging in acquisitions, we
could encounter difficulties in assimilating new personnel and operations into
our company. These difficulties may disrupt our ongoing business, distract our
management and employees, increase our expenses and adversely affect our results
of operations. These difficulties could also include accounting requirements,
such as amortization of goodwill or in-process research and development expense.
We cannot be certain that we will successfully overcome these risks with respect
to any of our recent or future acquisitions or that we will not encounter other
problems in connection with our recent or any future acquisitions. In addition,
any future acquisitions may require us to incur debt or issue equity securities.
The issuance of equity securities could dilute the investment of our existing
stockholders.

We Depend on Our Intellectual Property Rights and Use Licensed Technology

We rely primarily on copyright and trademark laws, trade secrets,
confidentiality procedures and contractual provisions to protect our proprietary
rights. We have obtained one United States patent and have nine patent
applications under review. We also believe that the technological and creative
skills of our personnel, new product developments, frequent product
enhancements, our name recognition, our professional services capabilities and
delivery of reliable product maintenance are essential to establishing and
maintaining our technology leadership position. We cannot assure you that our
competitors will not independently develop technologies that are similar to
ours.

Despite our efforts to protect our proprietary rights, unauthorized parties
may attempt to copy aspects of our products or to obtain and use information
that we regard as proprietary. Policing unauthorized use of our products is
difficult. While we cannot determine the extent to which piracy of our software
products occurs, we expect software piracy to be a persistent problem. In
addition, the laws of some foreign countries do not protect our proprietary
rights to as great an extent as do the laws of the United States and many
foreign countries do not enforce these laws as diligently as U.S. government
agencies and private parties.

ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK

Interest Rate Sensitivity

The primary objective of our investment activities is to preserve principal
while at the same time maximizing the income we receive from our investments
without significantly increasing risk. Some of the securities that we have
invested in may be subject to market risk. This means that a change in
prevailing interest rates may cause the principal amount of the investment to
fluctuate. For example, if we hold a security that was issued with a fixed
interest rate at the then-prevailing rate and the prevailing interest rate later
rises, the principal amount of our investment will probably decline. To minimize
this risk, we maintain our portfolio of cash equivalents and marketable
securities in a variety of relatively short-term investments, including
commercial paper and overnight repurchase agreements. As of December 31, 2000,
only $14,800,000 of our securities had maturities beyond 90 days.

ITEM 8. CONSOLIDATED FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA

See the index to Consolidated Financial Statements at Item 14.

ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND
FINANCIAL DISCLOSURE

None.

PART III

Certain information required by Part III is omitted from this Form 10-K
because the Company will file a definitive Proxy Statement pursuant to
Regulation 14A not later than 120 days after the end of the fiscal year covered
by this Form 10-K, and certain information to be included therein is
incorporated herein by reference.

ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT

The information required by this Item is incorporated by reference to the
Proxy Statement under the sections captioned "Proposal 1 -- Election of
Directors," "Executive Compensation -- Directors and Executive Officers" and
"Compliance with Section 16(a) of the Securities Exchange Act of 1934."

ITEM 11. EXECUTIVE COMPENSATION

The information required by this Item is incorporated by reference to the
Proxy Statement under the section captioned "Executive Compensation."

ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT

The information required by this Item is incorporated by reference to the
Proxy Statement under the section captioned "Principal Stockholders."

ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS

The information required by this Item is incorporated by reference to the
Proxy Statement under the section captioned "Executive Compensation -- Certain
Transactions with Management."

PART IV

ITEM 14. EXHIBITS, FINANCIAL STATEMENT SCHEDULES AND REPORTS ON FORM 8-K

(a) The following documents are filed as part of this Form 10-K:

1. Consolidated Financial Statements. The following consolidated
financial statements of Internet Security Systems, Inc. are filed as part
of this Form 10-K on the pages indicated:



PAGE
----

INTERNET SECURITY SYSTEMS, INC.
Report of Independent Auditors.............................. 32
Consolidated Balance Sheets as of December 31, 1999 and
2000...................................................... 33
Consolidated Statements of Operations for the Years Ended
December 31, 1998, 1999 and 2000.......................... 34
Consolidated Statements of Stockholders' Equity (Deficit)
for the Years Ended December 31, 1998, 1999 and 2000...... 35
Consolidated Statements of Cash Flows for the Years Ended
December 31, 1998, 1999 and 2000.......................... 36
Notes to Consolidated Financial Statements.................. 37

2. Consolidated Financial Statement Schedules:

Schedule II -- Valuation and Qualifying Accounts............ 49


Schedules other than the one listed above are omitted as the required
information is inapplicable or the information is presented in the
consolidated financial statements or related notes.

3. Exhibits. The exhibits to this Annual Report on Form 10-K have
been included only with the copy of this Annual Report on Form 10-K filed
with the Securities and Exchange Commission. Copies of individual exhibits
will be furnished to stockholders upon written request to the Company and
payment of a reasonable fee.



EXHIBIT
NUMBER DESCRIPTION OF EXHIBIT
------- ----------------------

3.1* -- Restated Certificate of Incorporation (filed as Exhibit 3.1
to the Company's Quarterly Report on Form 10-Q, dated
November 14, 2000).
3.2* -- Bylaws (filed as Exhibit 3.2 to the Company's Registration
Statement on Form S-1, Registration No. 333-44529 (the "Form
S-1")).
4.1* -- Specimen Common Stock certificate (filed as Exhibit 4.1 to
the Form S-1).
4.2 -- See Exhibits 3.1 and 3.2 for provisions of the Certificate
of Incorporation and Bylaws of the Company defining the
rights of holders of the Company's Common Stock.
10.1* -- Restated 1995 Stock Incentive Plan (Amended and Restated as
of May 24, 2000) filed as Exhibit 99.1 to the Company's
Registration Statement on Form S-8, Registration No.
333-54670 dated January 31, 2001.
10.3* -- Stock Exchange Agreement dated December 9, 1997 (filed as
Exhibit 10.4 to the Form S-1).
10.5* -- Forms of Non-Employee Director Compensation Agreement,
Notice of Stock Option Grants and Stock Option Agreement
(filed as Exhibit 10.6 to the Form S-1).
10.7* -- Form of Indemnification Agreement for directors and certain
officers (filed as Exhibit 10.8 to the Form S-1).
10.9* -- Sublease for additional Atlanta facilities (filed as Exhibit
10.9 to the Company's Registration Statement on Form S-1,
Registration No. 333-71471).


10.10* -- Lease for Atlanta headquarters and research and development
facility (filed as Exhibit 10.10 to the Company's Annual
Report on Form 10-K, dated March 30, 2000)
10.12 -- Letter Agreement dated December 14, 1999 with Mark Hangen
10.13 -- Letter Agreement dated June 27, 2000 with Kenneth Walters
10.14 -- Letter Agreement dated August 18, 2000 with Lawrence
Costanza
21.1* -- Subsidiaries of the Company.
23.1 -- Consent of Ernst & Young LLP.
23.2 -- Consent of PricewaterhouseCoopers LLP
23.3 -- Report of PricewaterhouseCoopers LLP
24.1 -- Power of Attorney, pursuant to which amendments to this
Annual Report on Form 10-K may be filed, is included on the
signature page contained in Part IV of the Form 10-K.


---------------

* Incorporated herein by reference to the indicated filing.

(b) Reports on Form 8-K

The Company filed a report on Form 8-K on October 20, 2000 containing the
Company's press release announcement of its results for the period ended
September 30, 2000.

REPORT OF INDEPENDENT AUDITORS

Board of Directors
Internet Security Systems, Inc.

We have audited the accompanying consolidated balance sheets of Internet
Security Systems, Inc. (formerly ISS Group, Inc.) as of December 31, 2000 and
1999, and the related consolidated statements of operations, stockholders'
equity (deficit), and cash flows for each of the three years in the period ended
December 31, 2000. Our audit also included the financial statement schedule
listed in the Index at Item 14(a). These financial statements and schedule are
the responsibility of the Company's management. Our responsibility is to express
an opinion on these financial statements and schedule based on our audits. We
did not audit the 1998 financial statements or schedule of Netrex, Inc., a
wholly owned subsidiary, which statements reflect total assets constituting 8%
and total revenues constituting 37% of the related consolidated totals. Those
statements and schedule were audited by other auditors whose report has been
furnished to us, and our opinion, insofar as it relates to the 1998 data
included for Netrex, Inc., is based solely on the report of the other auditors.

We conducted our audits in accordance with auditing standards generally
accepted in the United States. Those standards require that we plan and perform
the audit to obtain reasonable assurance about whether the financial statements
are free of material misstatement. An audit includes examining, on a test basis,
evidence supporting the amounts and disclosures in the financial statements. An
audit also includes assessing the accounting principles used and significant
estimates made by management, as well as evaluating the overall financial
statement presentation. We believe that our audits and the report of other
auditors provide a reasonable basis for our opinion.

In our opinion, based on our audits and, for 1998, the report of other
auditors, the financial statements referred to above present fairly, in all
material respects, the consolidated financial position of Internet Security
Systems, Inc. (formerly ISS Group, Inc.) at December 31, 2000 and 1999, and the
consolidated results of its operations and its cash flows for each of the three
years in the period ended December 31, 2000, in conformity with accounting
principles generally accepted in the United States. Also, in our opinion, based
on our audits and the report of the other auditors, the related financial
statement schedule, when considered in relation to the basic financial
statements taken as a whole, presents fairly in all material respects the
information set forth therein.

/s/ Ernst & Young LLP

Atlanta, Georgia
January 22, 2001

INTERNET SECURITY SYSTEMS, INC.

CONSOLIDATED BALANCE SHEETS



DECEMBER 31,
---------------------------
1999 2000
------------ ------------

ASSETS
Current assets:
Cash and cash equivalents................................. $ 70,090,000 $ 66,210,000
Marketable securities..................................... 56,693,000 65,938,000
Accounts receivable, less allowance for doubtful accounts
of $848,000 and $1,188,000, respectively............... 26,934,000 56,358,000
Inventory................................................. 473,000 2,275,000
Prepaid expenses and other current assets................. 2,122,000 5,717,000
------------ ------------
Total current assets.............................. 156,312,000 196,498,000
Property and equipment:
Computer equipment........................................ 10,108,000 20,199,000
Office furniture and equipment............................ 5,232,000 9,958,000
Leasehold improvements.................................... 870,000 6,609,000
------------ ------------
16,210,000 36,766,000
Less accumulated depreciation............................. 7,277,000 13,673,000
------------ ------------
8,933,000 23,093,000
Restricted marketable securities............................ 12,500,000 12,500,000
Goodwill, less accumulated amortization of $396,000 and
$876,000, respectively.................................... 2,775,000 3,167,000
Other intangible assets, less accumulated amortization of
$827,000 and $1,500,000, respectively..................... 4,019,000 3,346,000
Other assets................................................ 306,000 1,636,000
------------ ------------
Total assets...................................... $184,845,000 $240,240,000
============ ============
LIABILITIES AND STOCKHOLDERS' EQUITY
Current liabilities:
Accounts payable.......................................... $ 5,144,000 $ 4,200,000
Accrued expenses.......................................... 6,878,000 15,490,000
Deferred revenues......................................... 17,155,000 31,675,000
------------ ------------
Total current liabilities......................... 29,177,000 51,365,000
Other non-current liabilities............................... 515,000 486,000
Commitments and contingencies
Stockholders' equity:
Preferred stock; $.001 par value; 20,000,000 shares
authorized, none issued or outstanding................. -- --
Common stock; $.001 par value; 120,000,000 shares
authorized, 40,980,000 and 42,415,000 shares issued and
outstanding, respectively.............................. 41,000 42,000
Additional paid-in capital................................ 157,467,000 172,985,000
Deferred compensation..................................... (288,000) (86,000)
Accumulated other comprehensive income (loss)............. 100,000 (745,000)
Retained earnings (accumulated deficit)................... (2,167,000) 16,193,000
------------ ------------
Total stockholders' equity........................ 155,153,000 188,389,000
------------ ------------
Total liabilities and stockholders' equity........ $184,845,000 $240,240,000
============ ============


See accompanying notes.

INTERNET SECURITY SYSTEMS, INC.

CONSOLIDATED STATEMENTS OF OPERATIONS



YEAR ENDED DECEMBER 31,
----------------------------------------
1998 1999 2000
----------- ----------- ------------

Revenues:
Product licenses and sales........................... $36,908,000 $74,050,000 $119,703,000
Subscriptions........................................ 12,037,000 24,141,000 41,706,000
Professional services................................ 8,143,000 18,296,000 33,566,000
----------- ----------- ------------
57,088,000 116,487,000 194,975,000
Costs and expenses:
Cost of revenues:
Product licenses and sales........................ 8,875,000 18,842,000 22,653,000
Subscriptions and professional services........... 11,076,000 18,858,000 36,771,000
----------- ----------- ------------
Total cost of revenues....................... 19,951,000 37,700,000 59,424,000
Research and development............................. 9,655,000 20,412,000 31,316,000
Sales and marketing.................................. 25,998,000 43,124,000 68,032,000
General and administrative........................... 6,557,000 9,230,000 14,481,000
Amortization......................................... 230,000 992,000 1,153,000
Charge for in-process research and development....... 802,000 -- --
Merger costs......................................... -- 2,329,000 --
----------- ----------- ------------
63,193,000 113,787,000 174,406,000
Operating income (loss)................................ (6,105,000) 2,700,000 20,569,000
Interest income, net................................... 2,274,000 5,902,000 8,415,000
Foreign currency exchange loss......................... -- (136,000) (331,000)
----------- ----------- ------------
Income (loss) before income taxes...................... (3,831,000) 8,466,000 28,653,000
Provision for income taxes............................. 62,000 976,000 10,338,000
----------- ----------- ------------
Net income (loss)...................................... $(3,893,000) $ 7,490,000 $ 18,315,000
=========== =========== ============
Basic net income (loss) per share of Common Stock...... $ (0.12) $ 0.19 $ 0.44
=========== =========== ============
Diluted net income (loss) per share of Common Stock.... $ (0.12) $ 0.17 $ 0.41
=========== =========== ============
Weighted average shares:
Basic.................................................. 32,351,000 39,996,000 41,892,000
=========== =========== ============
Diluted................................................ 32,351,000 43,691,000 45,099,000
=========== =========== ============
Unaudited pro forma net loss per share of Common
Stock................................................ $ (0.11)
===========
Unaudited weighted average number of shares used in
calculating unaudited pro forma net loss per share of
Common Stock......................................... 34,963,000
===========


See accompanying notes.

INTERNET SECURITY SYSTEMS, INC.

CONSOLIDATED STATEMENTS OF STOCKHOLDERS' EQUITY (DEFICIT)


ACCUMULATED
OTHER RETAINED
COMMON STOCK ADDITIONAL COMPREHENSIVE EARNINGS
---------------------- PAID-IN DEFERRED INCOME (ACCUMULATED
SHARES AMOUNT CAPITAL COMPENSATION (LOSS) DEFICIT)
------------ ------- ------------ ------------ ------------- ------------

Balance at December 31, 1997....... 18,286,000 $18,000 $ 760,000 $(571,000) $(4,617,000)
Comprehensive income (loss):
Net loss....................... (3,893,000)
Translation adjustment......... 142,000
Issuance of Common Stock:
Initial public offering........ 6,140,000 6,000 61,525,000
Conversion of Redeemable,
Convertible Preferred Stock
in connection with the
initial public offering...... 11,474,000 12,000 8,866,000
Exercise of stock options...... 810,000 1,000 292,000
Acquisitions................... 316,000 3,901,000
Issuance to consultant......... 2,000 11,000
Subchapter S distributions of a
pooled entity.................. (216,000)
Buyout of former Subchapter S
stockholder.................... (14,000) (438,000)
Deferred compensation related to
stock options.................. 811,000 (811,000)
Amortization of deferred
compensation................... 720,000
---------- ------- ------------ --------- --------- -----------
Balance at December 31, 1998....... 37,028,000 37,000 76,152,000 (662,000) 142,000 (9,164,000)
Comprehensive income (loss):
Net income..................... 7,490,000
Translation adjustment......... (42,000)
Issuance of Common Stock:
Secondary public offering...... 2,778,000 3,000 77,361,000
Exercise of stock options...... 1,033,000 1,000 3,948,000
Pooling-of-interests........... 141,000 -- 6,000 164,000
Subchapter S distributions of a
pooled entity.................. (657,000)
Amortization of deferred
compensation................... 374,000
---------- ------- ------------ --------- --------- -----------
Balance at December 31, 1999....... 40,980,000 41,000 157,467,000 (288,000) 100,000 (2,167,000)
Comprehensive income (loss):
Net income..................... 18,315,000
Translation adjustment......... (845,000)
Issuance of Common Stock:
Exercise of stock options...... 1,367,000 1,000 5,507,000
Employee stock purchase plan... 39,000 1,634,000
Pooling-of-interests........... 29,000 45,000
Amortization of deferred
compensation................... 202,000
Tax benefit related to employee
options........................ 8,377,000
---------- ------- ------------ --------- --------- -----------
Balance at December 31, 2000....... 42,415,000 $42,000 $172,985,000 $ (86,000) $(745,000) $16,193,000
========== ======= ============ ========= ========= ===========



COMPREHENSIVE TOTAL
INCOME STOCKHOLDERS'
(LOSS) EQUITY (DEFICIT)
------------- ----------------

Balance at December 31, 1997....... $ (4,410,000)
Comprehensive income (loss):
Net loss....................... $(3,893,000) (3,893,000)
Translation adjustment......... 142,000 142,000
-----------
$(3,751,000)
===========
Issuance of Common Stock:
Initial public offering........ 61,531,000
Conversion of Redeemable,
Convertible Preferred Stock
in connection with the
initial public offering...... 8,878,000
Exercise of stock options...... 293,000
Acquisitions................... 3,901,000
Issuance to consultant......... 11,000
Subchapter S distributions of a
pooled entity.................. (216,000)
Buyout of former Subchapter S
stockholder.................... (452,000)
Deferred compensation related to
stock options.................. --
Amortization of deferred
compensation................... 720,000
------------
Balance at December 31, 1998....... 66,505,000
Comprehensive income (loss):
Net income..................... $ 7,490,000 7,490,000
Translation adjustment......... $ (42,000) (42,000)
-----------
$ 7,448,000
===========
Issuance of Common Stock:
Secondary public offering...... 77,364,000
Exercise of stock options...... 3,949,000
Pooling-of-interests........... 170,000
Subchapter S distributions of a
pooled entity.................. (657,000)
Amortization of deferred
compensation................... 374,000
------------
Balance at December 31, 1999....... 155,153,000
Comprehensive income (loss):
Net income..................... $18,315,000 18,315,000
Translation adjustment......... (845,000) (845,000)
-----------
$17,470,000
===========
Issuance of Common Stock:
Exercise of stock options...... 5,508,000
Employee stock purchase plan... 1,634,000
Pooling-of-interests........... 45,000
Amortization of deferred
compensation................... 202,000
Tax benefit related to employee
options........................ 8,377,000
------------
Balance at December 31, 2000....... $188,389,000
============


See accompanying notes.

INTERNET SECURITY SYSTEMS, INC.

CONSOLIDATED STATEMENTS OF CASH FLOWS



YEAR ENDED DECEMBER 31,
-------------------------------------------
1998 1999 2000
------------ ------------ -------------

OPERATING ACTIVITIES
Net income (loss)................................... $ (3,893,000) $ 7,490,000 $ 18,315,000
Adjustments to reconcile net income (loss) to net
cash (used in) provided by operating activities:
Depreciation...................................... 2,162,000 3,989,000 6,329,000
Amortization of goodwill and intangibles.......... 230,000 992,000 1,153,000
Accretion of discount on marketable securities.... -- (1,176,000) (1,088,000)
Charge for in-process research and development.... 802,000 -- --
Other non-cash expense............................ 838,000 327,000 166,000
Income tax benefit from exercise of stock
options........................................ -- -- 8,377,000
Changes in assets and liabilities, excluding the
effects of acquisitions:
Accounts receivable............................ (10,590,000) (10,241,000) (28,679,000)
Inventory...................................... 106,000 (425,000) (1,802,000)
Prepaid expenses and other assets.............. (541,000) (1,312,000) (4,664,000)
Accounts payable and accrued expenses.......... 2,679,000 3,303,000 7,900,000
Deferred revenues.............................. 5,299,000 8,822,000 14,520,000
------------ ------------ -------------
Net cash (used in) provided by operating
activities.............................. (2,908,000) 11,769,000 20,527,000
------------ ------------ -------------
INVESTING ACTIVITIES
Acquisitions, net of cash received.................. (5,206,000) -- (1,262,000)
Purchases of marketable securities.................. -- (55,517,000) (141,097,000)
Net proceeds from maturity of marketable
securities........................................ -- -- 132,940,000
Purchase of restricted marketable securities........ -- (12,500,000) --
Purchases of property and equipment................. (4,166,000) (6,356,000) (20,291,000)
------------ ------------ -------------
Net cash used in investing activities..... (9,372,000) (74,373,000) (29,710,000)
------------ ------------ -------------
FINANCING ACTIVITIES
Net proceeds from (payments on) long-term debt and
capital leases.................................... (165,000) (526,000) (993,000)
Net payments under line of credit................... (320,000) -- --
Capital transactions of merged entity............... (318,000) (1,107,000) --
Proceeds from exercise of stock options............. 292,000 3,949,000 5,507,000
Proceeds from employee stock purchase plan.......... -- -- 1,634,000
Net proceeds from public offerings.................. 61,531,000 77,364,000 --
------------ ------------ -------------
Net cash provided by financing
activities.............................. 61,020,000 79,680,000 6,148,000
------------ ------------ -------------
Foreign currency impact on cash..................... 142,000 (42,000) (845,000)
------------ ------------ -------------
Net increase (decrease) in cash and cash
equivalents....................................... 48,882,000 17,034,000 (3,880,000)
Cash and cash equivalents at beginning of year...... 4,174,000 53,056,000 70,090,000
------------ ------------ -------------
Cash and cash equivalents at end of year............ $ 53,056,000 $ 70,090,000 $ 66,210,000
============ ============ =============
SUPPLEMENTAL CASH FLOW DISCLOSURE
Interest paid....................................... $ 134,000 $ 33,000 $ 50,000
============ ============ =============
Capital lease obligations incurred.................. $ 468,000 $ 329,000 $ --
============ ============ =============
Income taxes paid................................... $ -- $ 47,000 $ 446,000
============ ============ =============



INTERNET SECURITY SYSTEMS, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS
DECEMBER 31, 2000

1. SIGNIFICANT ACCOUNTING POLICIES

DESCRIPTION OF BUSINESS

The business of Internet Security Systems and its subsidiaries ("ISS") is
focused on maintaining the latest security threat and vulnerability checks
within existing products and creating new products and services that are
consistent with ISS's goal of providing security management solutions. This
approach entails continuous security risk monitoring and response to develop an
active and informed network security policy.

Internet Security Systems, Inc. (formerly ISS Group, Inc.) was incorporated
in the State of Delaware on December 8, 1997 to be a holding company for
Internet Security Systems, Inc., a Georgia company incorporated in 1994 to
design, market, and sell computer network security assessment software. In
addition, ISS has various other subsidiaries in the United States, Europe and
the Asia/Pacific regions with primary marketing and sales responsibilities for
ISS's products and services in their respective markets. ISS is organized as,
and operates in, a single business segment that provides products, technical
support, managed security services and consulting and training services as
components of providing security management solutions.

On March 27, 1998 ISS completed an initial public offering ("IPO") of its
Common Stock. A total of 6,900,000 shares were sold at $11 per share. On March
2, 1999 ISS completed a second public offering of its Common Stock. A total of
5,178,000 shares were sold at $29.50 per share. ISS's shares are traded on the
NASDAQ National Market under the ticker symbol "ISSX".

Certain prior year amounts have been reclassified to conform to current
year presentation.

BASIS OF CONSOLIDATION AND FOREIGN CURRENCY TRANSLATIONS

The consolidated financial statements include the accounts of Internet
Security Systems, Inc. and its subsidiaries. All significant intercompany
investment accounts and transactions have been eliminated in consolidation.

Assets and liabilities of international operations are translated from the
local currency into U.S. dollars at the approximate rate of currency exchange at
the end of the fiscal period. Translation gains and losses of foreign operations
that use local currencies as the functional currency are included in accumulated
other comprehensive income (loss) as a component of stockholders' equity.
Revenues and expenses are translated at average exchange rates for the period.
Transaction gains and losses arising from exchange rate fluctuations on
transactions denominated in currency other than the local functional currency
are included in results of operations.

USE OF ESTIMATES

The preparation of financial statements in conformity with accounting
principles generally accepted in the United States requires management to make
estimates and assumptions that affect the amounts reported in the financial
statements and accompanying notes. Actual results may differ from those
estimates, and such differences may be material to the consolidated financial
statements.

REVENUE RECOGNITION

ISS recognizes its perpetual license revenue upon (i) delivery of software
or, if the customer has evaluation software, delivery of the software key, and
(ii) issuance of the related license, assuming no significant vendor obligations
or customer acceptance rights exist. For perpetual license agreements, when
payment terms extend over periods greater than twelve months, revenue is
recognized as such amounts are billable. Product sales consist of (i) appliances
sold in conjunction with ISS licensed software and
(ii) software developed by third-party partners, combined in some instances with
associated hardware appliances and partner maintenance services. These sales are
recognized upon shipment to the customer.

Subscriptions revenues include maintenance, term licenses and security
monitoring services. Annual renewable maintenance is a separate component of
perpetual license agreements for which the revenue is recognized ratably over
the maintenance contract term. Term licenses allow customer use of the product
and maintenance for a specified period, generally twelve months, for which
revenues are also recognized ratably over the contract term. Security monitoring
services of information assets and systems are a part of managed services and
are recognized as such services are provided. Professional services revenues,
including consulting and training, are recognized as such services are
performed.

COSTS OF REVENUES

Costs of revenues include the costs of products and services. Cost of
products represents the cost of product sales which are incurred upon
recognition of the associated product revenues. Cost of services includes the
cost of ISS's technical support group who provide assistance to customers with
maintenance agreements, the operations center costs of providing managed
services and the costs related to ISS's professional services and training.

CASH AND CASH EQUIVALENTS

Cash equivalents include all highly liquid investments with maturities of
three months or less when purchased. Such amounts are stated at cost, which
approximates market value.

MARKETABLE SECURITIES

ISS's investment in marketable securities consists of debt instruments of
the U.S. Treasury, U.S. government agencies and corporate commercial paper. All
such marketable securities have a maturity of less than one year. These
investments are classified as available-for-sale and reported at fair market
value. The amortized cost of securities classified as available-for-sale is
adjusted for amortization of premiums and accretion of discounts to maturity.
Such amortization is included in interest income. Unrealized gains and losses on
available-for-sale securities were immaterial for 1999 and 2000. Realized gains
and losses, and declines in value judged to be other-than-temporary are included
in net securities gains (losses) and are included in ISS's results of
operations. Interest and dividends on securities classified as
available-for-sale are included in interest income.

CONCENTRATIONS OF CREDIT RISK

Financial instruments that potentially subject ISS to significant
concentrations of credit risk consist principally of cash and cash equivalents,
marketable securities and accounts receivable. ISS maintains cash and cash
equivalents in short-term money market accounts with three financial
institutions and in short-term, investment grade commercial paper. Marketable
securities consist of United States government agency securities and investment
grade commercial paper. ISS's sales are global, primarily to companies located
in the United States, Europe, Latin America and the Asia/Pacific regions. ISS
performs periodic credit evaluations of its customers' financial condition and
does not require collateral. Accounts receivable are due principally from large
U.S. companies under stated contract terms. ISS provides for estimated credit
losses as such losses become probable.

FAIR VALUE OF FINANCIAL INSTRUMENTS

The carrying amounts reported in the balance sheets for cash and cash
equivalents, marketable securities, accounts receivable and accounts payable
approximate their fair values.

PROPERTY AND EQUIPMENT

Property and equipment are stated at cost less accumulated depreciation.
Depreciation is computed using the straight-line method for financial reporting
purposes over the estimated useful lives of the assets (primarily three years).

INVENTORY

Inventory consists of finished goods purchased for resale and is recorded
at the lower of cost or market.

GOODWILL AND INTANGIBLES

The major classes of intangible assets, including goodwill (excess of cost
over acquired net assets), at December 31, 1999 and 2000 are as follows:



LIFE 1999 2000
---- ---------- ----------

Goodwill................................................. 10 $3,171,000 $4,043,000
Less accumulated amortization............................ (396,000) (876,000)
---------- ----------
$2,775,000 $3,167,000
========== ==========
Core technology.......................................... 8 $3,853,000 $3,853,000
Developed technology..................................... 5 778,000 778,000
Work force............................................... 6 215,000 215,000
---------- ----------
4,846,000 4,846,000
Less accumulated amortization............................ (827,000) (1,500,000)
---------- ----------
$4,019,000 $3,346,000
========== ==========


Goodwill and other intangible assets are amortized using the straight-line
method for the period indicated. They are reviewed for impairment whenever
events indicate that their carrying amount may not be recoverable. In such
reviews, undiscounted cash flows associated with their carrying value are
compared with their carrying values to determine if a write-down to fair value
is required.

RESEARCH AND DEVELOPMENT COSTS

Research and development costs are charged to expense as incurred. ISS has
not capitalized any such development costs under Statement of Financial
Accounting Standards ("SFAS") No. 86, Accounting for the Costs of Computer
Software to Be Sold, Leased, or Otherwise Marketed, because the costs incurred
between the attainment of technological feasibility for the related software
product through the date when the product is available for general release to
customers have been insignificant.

ADVERTISING COSTS

ISS incurred advertising costs of $517,000 in 1998, $1,312,000 in 1999 and
$2,175,000 in 2000, which are expensed as incurred and are included in sales and
marketing expense in the statements of operations.

STOCK BASED COMPENSATION

Accounting for Stock-Based Compensation ("SFAS 123"), establishes
accounting and reporting standards for stock based employee compensation plans.
As permitted by SFAS 123, ISS continues to account for stock-based compensation
in accordance with APB Opinion No. 25, Accounting for Stock Issued to Employees,
and has elected the pro forma disclosure alternative of SFAS 123.

INCOME (LOSS) PER SHARE

Basic net income (loss) per share (see Note 10) was computed by dividing
net income (loss) by the weighted average number of shares outstanding of Common
Stock. Diluted net income (loss) per share was computed by dividing net income
(loss) by the weighted average shares outstanding, including common equivalents
(when dilutive).

Unaudited pro forma net loss per share was computed by dividing net loss by
the unaudited weighted average number of shares of Common Stock outstanding plus
the assumed conversion of the Redeemable, Convertible Preferred Stock into
11,474,000 shares of Common Stock as of the later of (i) January 1, 1997 or (ii)
the date of issuance of such preferred stock, instead of March 27, 1998 when
such shares of preferred stock automatically converted into Common Stock.

RECENTLY ISSUED ACCOUNTING STANDARDS

In December 1999, the Securities and Exchange Commission Staff released
Staff Accounting Bulletin ("SAB") No. 101, "Revenue Recognition in Financial
Statements". SAB No. 101 provides guidance on the recognition, presentation and
disclosure of revenue in financial statements and is effective immediately.
Adoption of SAB No. 101 as of October 1, 2000 did not have a material impact on
results of operations or financial position.

2. BUSINESS COMBINATION AND ASSET ACQUISITION

In August 2000, ISS acquired privately-held ISYI of Padova, Italy. ISYI is
a leader in advanced network security services in the Italian market place and
an early provider of remote security monitoring services. In exchange for all
the outstanding stock of ISYI, approximately 29,100 shares of ISS common stock
were issued in a transaction exempt from registration under the Securities Act
of 1933. The transaction was accounted for using the pooling-of-interests method
of accounting; however, this transaction was not material to ISS's consolidated
operations and financial position and, therefore, the operating results of ISS
have not been restated for this transaction. The operating results of ISS
include the results of operations of ISYI since the date of acquisition.

In August 2000, ISS formed a Brazilian subsidiary, Internet Security
Systems Ltda, to effect the acquisition of Seguranca Ativa de Redes Internet e
Sistemas Ltda ("SARIS") for cash of $5,000. SARIS was formed in 1999 in order to
create and implement a security methodology for the Brazilian market. The
transaction was accounted for using the purchase method of accounting. Goodwill
of $977,000 related to the purchase was recorded and is being amortized using
the straight-line method over 24 months. The operating results of ISS include
the results of operations of SARIS since the date of acquisition.

In August 1999, ISS acquired Netrex, Inc., a leading provider of remote
security monitoring services of digital assets, in a transaction that was
accounted for as a pooling-of-interests. To effect the business combination, ISS
issued approximately 2,450,000 shares of ISS stock in exchange for all of the
outstanding stock of Netrex. Additionally, options outstanding under the Netrex
Stock Plan were assumed by ISS resulting in approximately 510,000 additional ISS
shares being reserved for outstanding grants under the
Netrex Stock Plan. The consolidated financial statements of ISS, including share
and per share data, have been restated for all periods presented to include the
results of Netrex with all intercompany transactions with ISS eliminated in such
restatement.

Revenues and net income (loss) of the separate companies for periods that
include those preceding the Netrex merger were as follows:



1998 1999
----------- ------------

Total revenues
ISS...................................................... $35,929,000 $ 74,204,000
Netrex................................................... 21,159,000 42,283,000
----------- ------------
Total revenues, as reported...................... $57,088,000 $116,487,000
=========== ============
Net income (loss)
ISS...................................................... $(4,102,000) $ 7,326,000
Netrex................................................... 209,000 164,000
----------- ------------
Combined................................................. $(3,893,000) $ 7,490,000
Business combination expenses.............................. -- 2,329,000
Pro forma income tax expense............................... -- (368,000)
----------- ------------
Pro forma net income (loss)................................ $(3,893,000) $ 9,451,000
=========== ============


Pro forma net income (loss) reflects adjustments to net income (loss) to
record an estimated provision for income taxes for each period presented
assuming Netrex was a taxpaying entity and excludes merger costs.

In September 1999, ISS acquired privately held NJH Security Consulting
("NJH"), which was based in Atlanta, Georgia. NJH is a consulting firm focused
on providing information security services to organizations worldwide.
Approximately 142,000 shares of ISS common stock were issued in exchange for all
of the outstanding stock of NJH. The transaction was accounted for using the
pooling-of-interests method of accounting; however, this transaction was not
material to ISS's consolidated operations and financial position and, therefore,
the operating results of ISS were not restated for this transaction. The
operating results of ISS include the results of operations of NJH since the date
of acquisition.

The consolidated statements of operations include merger costs of
$2,329,000 in 1999 that represent the direct out-of-pocket costs associated with
the Netrex and NJH business combinations. These costs were principally
investment advisor, legal and accounting fees.

In October 1998, ISS acquired March Information Systems Limited ("March"),
a United Kingdom-based developer of Windows NT and Unix-based security
assessment technologies. Also in October 1998, ISS acquired the technology of
DbSecure, Inc., a developer of database security risk assessment solutions. ISS
issued 316,000 shares of ISS Common Stock and paid $5,206,000 in cash
consideration and direct transaction costs for these acquisitions.

The 1998 acquisitions were accounted for as purchases and their results
have been included in the results of ISS's operations from the effective dates
of acquisition. Substantially all of the aggregate consideration of $9,144,000
was allocated to identified intangibles, including core and developed
technologies, in-process research and development, work force and goodwill (see
Note 1).

The valuations of core and developed technologies and in-process research
and development were based on the present value of estimated future cash flows
over the lesser of: (i) five years or (ii) the period in which the product is
expected to be integrated into an existing ISS product. The resulting values
were reviewed for reasonableness based on the time and cost spent on the effort,
the complexity of the development effort and, in
the case of in-process development projects, the stage to which it had
progressed. For in-process research and development, the valuation was reduced
for the core technology component of such product and the percentage of product
development remaining at the acquisition date. The resulting in-process research
and development amount of $802,000 was reflected as a charge in the 1998
statement of operations.

The following table summarizes pro forma results of operations as if the
acquisition of March had been concluded on January 1, 1998 (the effects of the
SARIS acquisition in 2000 and the DbSecure acquisition in 1998 are not included
as their impact was immaterial). This pro forma information is not necessarily
indicative of what the combined operations would have been if ISS had control of
such combined businesses for the period presented.

The adjustments to the historical data reflect the following: (i) reduction
of interest income in connection with the cash payments and (ii) amortization of
goodwill and intangibles.



1998
-----------
(UNAUDITED)

Revenues.................................................... $58,894,000
Operating loss.............................................. (6,537,000)
Net loss.................................................... (4,619,000)
Per share:
Basic and diluted net loss................................ $ (0.14)
Pro forma net loss........................................ $ (0.13)


3. MARKETABLE SECURITIES

The following is a summary of available-for-sale marketable securities as
of December 31:



1999 2000
----------- -----------

Unrestricted:
U.S. Treasury securities and obligations of U.S.
government agencies.................................... $18,907,000 $ --
U.S. corporate commercial paper........................... 37,786,000 65,938,000
Restricted:
U.S. corporate commercial paper........................... 12,500,000 12,500,000
----------- -----------
$69,193,000 $78,438,000
=========== ===========


As of December 31, 1999 and 2000 the cost of marketable securities
approximated fair value. The contractual maturities of all of these investments
were less than one year as of December 31, 2000. Marketable securities of
$12,500,000 are restricted as of December 31, 2000 as collateral for a letter of
credit issued by a financial institution related to the lease on the new ISS
headquarters.

4. REDEEMABLE, CONVERTIBLE PREFERRED STOCK

All of the outstanding shares of Redeemable, Convertible Preferred Stock
were automatically converted into an aggregate of 11,474,000 shares of Common
Stock on March 27, 1998 in connection with ISS's IPO.

5. STOCK OPTION PLANS

ISS's Incentive Stock Plan (the "Plan") provides for the granting of
qualified or nonqualified options to purchase shares of ISS's Common Stock.
Under the Plan, at December 31, 2000 there are 8,266,929 shares reserved for
future issuance which increases automatically on the first trading day of each
year by an amount
equal to 3% of the number of shares of Common Stock outstanding on the last
trading day of the preceding year. An additional 160,000 shares have been
reserved for non-statutory options issued in 1997 to non-employee directors.

Certain options granted under the Plan prior to the IPO are immediately
exercisable, subject to a right of repurchase by ISS at the original exercise
price for all unvested shares. Options granted after the IPO are generally
exercisable as vesting occurs. Vesting is generally in equal annual installments
over four years, measured from the date of the grant.

Deferred compensation, which appears in the equity section of the balance
sheet, originated in 1998 by computing the difference between the exercise price
of stock options issued in December 1997 to the estimated price range for the
IPO as set forth in the initial filing on January 20, 1998 of ISS's Registration
Statement on Form S-1 and the exercise price of stock options issued in January
and February 1998 to the final estimated price range contained in ISS's
pre-effective amendment to its Registration Statement for the IPO filed in March
1998. The amounts are being charged to operations proportionately over the
four-year vesting period of the related stock options. Amortization of deferred
compensation was $720,000 in 1998, $374,000 in 1999 and $202,000 in 2000. All
other options are issued at fair market value on the date of grant.

A summary of ISS's stock option activity is as follows:



1998 1999 2000
--------------------- ---------------------- ----------------------
WEIGHTED WEIGHTED WEIGHTED
AVERAGE AVERAGE AVERAGE
NUMBER EXERCISE NUMBER EXERCISE NUMBER EXERCISE
OF SHARES PRICE OF SHARES PRICE OF SHARES PRICE
---------- -------- ----------- -------- ----------- --------

Outstanding at beginning of
year......................... 3,776,000 $ 1.36 5,205,000 $ 5.35 5,067,000 $13.58
Granted...................... 1,921,000 11.37 1,719,000 33.94 2,253,000 67.88
Exercised.................... (809,000) 0.36 (1,033,000) 3.81 (1,366,000) 4.63
Canceled..................... (129,000) 4.66 (884,000) 15.45 (702,000) 33.61
Assumed...................... 446,000 4.00 60,000 3.51 -- --
---------- ----------- -----------
Outstanding at end of year..... 5,205,000 5.35 5,067,000 13.58 5,252,000 36.54
========== =========== ===========
Exercisable at end of year..... 3,219,000 1.95 2,693,000 3.00 1,430,000 13.24
========== =========== ===========
Weighted average fair value of
options granted during the
year......................... $ 13.68 $ 29.01 $ 59.25
========== =========== ===========


The following table summarizes information about stock options outstanding
at December 31, 2000:



                                      OPTIONS OUTSTANDING          OPTIONS FULLY VESTED AND EXERCISABLE
                              -----------------------------------  ------------------------------------
                              NUMBER OF OPTIONS  WEIGHTED AVERAGE  NUMBER EXERCISABLE  WEIGHTED AVERAGE
                                 OUTSTANDING AT         REMAINING                  AT
RANGE OF EXERCISE PRICES      DECEMBER 31, 2000  CONTRACTUAL LIFE   DECEMBER 31, 2000    EXERCISE PRICE
------------------------      -----------------  ----------------  ------------------  ----------------

$.08-.49....................            338,000              5.79             244,000            $ 0.17
$.50-3.99...................            794,000              7.04             470,000            $ 3.32
$4.00-11.99.................            642,000              7.21             296,000            $ 8.94
$12.00-24.99................            297,000              7.80             122,000            $17.06
$25.00-54.99................          1,181,000              8.71             224,000            $36.62
$55.00-69.99................          1,156,000              9.32              75,000            $58.94
$70.00-85.63................            844,000              9.57                  --                --


Pro forma information regarding net income and net income per share is
required by SFAS 123, which also requires that the information be determined as
if ISS had accounted for its employee stock options granted subsequent to
December 31, 1994 under the fair value method prescribed by that Statement. The
fair value for options granted was estimated at the date of grant using the
Black-Scholes option-pricing model. The following weighted average assumptions
were used for 1998, 1999 and 2000, respectively: risk-free interest rates of
5.27%, 6.19% and 6.27%, respectively; no dividend yield; volatility factors of
.60, 1.25 and 1.29 respectively; and an expected life of the options of 5 years.

The Black-Scholes option valuation model was developed for use in
estimating the fair value of traded options that have no vesting restrictions
and are fully transferable. In addition, option valuation models require the
input of highly subjective assumptions including the expected stock price
volatility. Because employee stock options have characteristics different from
those of traded options, and because the changes in the subjective input
assumptions can materially affect the fair value estimate, in management's
opinion, the existing models do not necessarily provide a reliable single
measure of the fair value of its employee stock options.

For purposes of pro forma disclosures, the estimated fair value of the
option is amortized to expense over the options' vesting period. The following
pro forma information adjusts the net income (loss) and net income (loss) per
share of Common Stock for the impact of SFAS 123:



YEAR ENDED DECEMBER 31,
------------------------------------
1998 1999 2000
----------- -------- -----------

Pro forma net income (loss)............................... $(6,551,000) $743,000 $(8,003,000)
=========== ======== ===========
Pro forma net income (loss) per share..................... $ (0.20) $ 0.02 $ (0.19)
=========== ======== ===========


6. LONG-TERM DEBT AND CAPITAL LEASE OBLIGATIONS

ISS has an agreement with a bank providing for a revolving working capital
line of credit and a term loan facility. Under the terms of the agreement, ISS
may borrow up to $3,000,000 (subject to a borrowing formula) and $500,000,
respectively, with interest payable monthly at prime plus .5 percent. The line
of credit and the term loan facility are collateralized by certain assets of the
Company. There are no amounts outstanding under this arrangement at December 31,
1999 and 2000.

ISS leases certain property and equipment under capital leases. Obligations
under such lease agreements amounted to $688,000 and $212,000 at December 31,
1999 and 2000, respectively. Future minimum lease payments under these leases
are: $124,000 in 2001, $35,000 in 2002, $39,000 in 2003 and $14,000 in 2004,
respectively.

7. COMMITMENTS AND CONTINGENT LIABILITIES

ISS has non-cancelable operating leases for facilities that expire at
various dates through October 2011. In 1999, ISS entered into an 11 1/2-year
lease for a new corporate headquarters, which it began to occupy in various
stages in November 2000.

Future minimum payments under non-cancelable operating leases with initial
terms of one year or more consisted of the following at December 31, 2000:



OPERATING
LEASES
------------

2001....................................................... 11,094,000
2002....................................................... 13,216,000
2003....................................................... 11,675,000
2004....................................................... 12,744,000
2005....................................................... 12,900,000
Thereafter................................................. 84,687,000
------------
Total minimum lease payments..................... $146,317,000
============


Rent expense was approximately $2,098,000, $2,831,000 and $4,939,000 for
the years ended December 31, 1998, 1999, and 2000, respectively.

8. INCOME TAXES

For financial reporting purposes, the provision for income taxes includes
the following components, all of which are current:



YEAR ENDED DECEMBER 31,
--------------------------------
1998 1999 2000
------- -------- -----------

Federal income taxes.................................. $ -- $730,000 $ 8,421,000
State income taxes.................................... -- 149,000 691,000
Foreign income taxes.................................. 62,000 97,000 1,226,000
------- -------- -----------
Total provision for income taxes............ $62,000 $976,000 $10,338,000
======= ======== ===========


Pre-tax income attributable to foreign and domestic operations is
summarized below:



YEAR ENDED DECEMBER 31,
--------------------------------------
1998 1999 2000
----------- ---------- -----------

U.S. operations.................................. $(3,297,000) $8,065,000 $26,226,000
Japan operations................................. (642,000) 213,000 3,156,000
U.K. operations.................................. 90,000 132,000 (437,000)
Other............................................ 18,000 57,000 (292,000)
----------- ---------- -----------
$(3,831,000) $8,467,000 $28,653,000
=========== ========== ===========


A reconciliation of the provision for income taxes to the statutory federal
income tax rate is as follows:



                                                    YEAR ENDED DECEMBER 31,
                                             -------------------------------------
                                                    1998         1999         2000
                                             -----------  -----------  -----------
Federal income taxes applied to pretax income
  (loss).................................... $(1,440,000) $ 2,878,000  $10,029,000
State income taxes, net of federal income tax
  benefit...................................    (160,000)     149,000      691,000
Alternative Minimum Tax.....................          --      230,000           --
Intangibles.................................     345,000      209,000       57,000
Research and development tax credits........    (384,000)    (717,000)  (1,104,000)
Merger expenses not deductible for tax
  purposes..................................          --      792,000           --
S Corp earnings.............................          --     (255,000)          --
Foreign operations..........................      62,000       97,000      223,000
Other.......................................      42,000           --      672,000
Change in valuation allowance...............   1,597,000   (2,407,000)    (230,000)
                                             -----------  -----------  -----------
                                             $    62,000  $   976,000  $10,338,000
                                             ===========  ===========  ===========


Deferred income taxes reflect the net income tax effects of temporary
differences between the carrying amounts of assets and liabilities for financial
reporting purposes and the amounts used for income tax purposes. The net income
tax effect has been computed using a combined statutory rate of 38% for federal
and state taxes. Significant components of ISS's net deferred income taxes are
as follows:



                                                                DECEMBER 31,
                                                         --------------------------
                                                                 1999          2000
                                                         ------------  ------------
Deferred income tax assets:
  Depreciation and amortization.........................      267,000       446,000
  Accrued liabilities...................................      121,000       206,000
  Allowance for doubtful accounts.......................      165,000       329,000
  Deferred compensation.................................      142,000            --
  Net operating loss carryforwards......................    9,986,000    29,602,000
  AMT credit carryforwards..............................      230,000            --
  Research and development tax credit carryforwards.....    1,336,000     2,440,000
                                                         ------------  ------------
      Total deferred income tax assets..................   12,247,000    33,023,000
                                                         ------------  ------------
Less valuation allowance................................  (12,247,000)  (33,023,000)
                                                         ------------  ------------
      Net deferred income tax assets.................... $         --  $         --
                                                         ============  ============


For financial reporting purposes, a valuation allowance has been recognized
to reduce the net deferred income tax assets to zero. ISS has not recognized any
benefit from the future use of the deferred tax assets because management's
evaluation of all the available evidence in assessing the realizability of the
tax benefits of such loss carryforwards indicates that the underlying
assumptions of future profitable operations contain risks that do not provide
sufficient assurance to recognize such tax benefits currently.

The deferred income tax assets include approximately $12,247,000 and
$33,023,000 at December 31, 1999 and 2000, respectively, of assets that were
created by or are subject to valuation allowance as a result of stock option
deductions. While income tax expense will be recorded on any future pre-tax
profits from United States operations, these deferred tax assets would reduce
the related income taxes payable. This reduction in income taxes payable in
future periods would be recorded as additional paid-in capital.

ISS has approximately $77,900,000 of net operating loss carryforwards for
federal income tax purposes that expire in varying amounts between 2011 and
2020. The net operating loss carryforwards may be subject to
certain limitations in the event of a change in ownership. ISS also has
approximately $2,440,000 of research and development tax credit carryforwards
that expire between 2011 and 2020.

9. EMPLOYEE STOCK AND BENEFIT PLANS

ISS sponsors a 401(k) plan that covers substantially all employees over 18
years of age. Participating employees may contribute up to 15% of their pre-tax
salary, but not more than statutory limits. Beginning in 2000 ISS matches 25% of
a participant's contributions with a maximum contribution of 3% of a
participant's contributions. Matching contributions in 2000 were $196,000. Prior
to 2000 ISS made no contributions to the plan.

Effective July 1, 1999 ISS implemented an employee stock purchase plan (the
"Plan") for all eligible employees. Under the Plan, shares of ISS's Common Stock
may be purchased at six-month intervals at 85% of the lower of the fair market
value on the first or the last day of each six-month period. Employees may
purchase shares with aggregate fair value up to 10% of their gross compensation
during a six-month period. During 2000 employees purchased 39,000 shares at an
average price of $41.44 per share. At December 31, 2000, 411,000 shares of ISS
Common Stock were reserved for future issuance.

10. INCOME (LOSS) PER SHARE

The following table sets forth the computation of basic and diluted net
income (loss) per share:



                                                                  YEAR ENDED DECEMBER 31,
                                                           -------------------------------------
                                                                  1998         1999         2000
                                                           -----------  -----------  -----------
Numerator:
  Net income (loss)....................................... $(3,893,000) $ 7,490,000  $18,315,000
                                                           -----------  -----------  -----------
Denominator:
  Denominator for basic net (income) loss per share --
    weighted average shares...............................  32,351,000   39,996,000   41,892,000
  Effect of dilutive stock options........................          --    3,695,000    3,207,000
                                                           -----------  -----------  -----------
  Denominator for diluted net income (loss) per share --
    weighted average shares...............................  32,351,000   43,691,000   45,099,000
                                                                        -----------  -----------
  Redeemable, Convertible Preferred Stock.................   2,612,000
                                                           -----------
  Weighted average shares for pro forma net loss per
    share.................................................  34,963,000
                                                           ===========
Basic net income (loss) per share......................... $     (0.12) $      0.19  $      0.44
                                                           ===========  ===========  ===========
Diluted net income (loss) per share....................... $     (0.12) $      0.17  $      0.41
                                                           ===========  ===========  ===========
Pro forma net income (loss) per share..................... $     (0.11)
                                                           ===========


Options aggregating 5,205,000 at December 31, 1998 were not included in the
above calculations as they were anti-dilutive.


11. EXPORT SALES

ISS generates export sales from the United States to the Europe,
Asia/Pacific Rim and Latin America regions. Also, revenues are generated from
ISS's foreign operations in these regions. In the aggregate, the Europe,
Asia/Pacific Rim and Latin America regions represented the following percentages
of total revenues:



                                                            1998    1999    2000
                                                            ----    ----    ----
Europe..................................................      9%     11%     13%
Asia/Pacific Rim........................................      3%      5%      8%
Latin America...........................................      --      1%      3%


12. QUARTERLY FINANCIAL RESULTS (UNAUDITED)

Summarized quarterly results for the two years ended December 31, 1999 and
2000 are as follows (in thousands, except per share data):



                                                FIRST    SECOND     THIRD    FOURTH
                                              -------   -------   -------   -------
1999 by quarter:
  Revenues..................................  $22,975   $27,279   $30,001   $36,232
  Operating income (loss)...................      396       739      (842)    2,407
  Net income................................    1,176     2,127       693     3,494
  Income per share:
    Basic...................................  $  0.03   $  0.05   $  0.02   $  0.09
    Diluted.................................  $  0.03   $  0.05   $  0.02   $  0.08
2000 by quarter:
  Revenues..................................  $39,291   $44,217   $51,787   $59,680
  Operating income..........................    3,085     4,215     5,805     7,464
  Net income................................    3,070     4,081     4,855     6,309
  Income per share:
    Basic...................................  $  0.07   $  0.10   $  0.12   $  0.15
    Diluted.................................  $  0.07   $  0.09   $  0.11   $  0.14


Because of the method used in calculating per share data, the quarterly per
share data will not necessarily total the per share data as computed for the
year.


SCHEDULE II

VALUATION AND QUALIFYING ACCOUNTS



                                          BALANCE AT
                                        BEGINNING OF                             BALANCE AT
                                                YEAR    PROVISION    WRITE-OFFS END OF YEAR
                                        ------------    ---------    ---------- -----------
1998
  Allowance for Doubtful Accounts.......    $286,000     $229,000    $(103,000)  $  412,000
                                            ========     ========    ==========  ==========
1999
  Allowance for Doubtful Accounts.......    $412,000     $554,000    $(118,000)  $  848,000
                                            ========     ========    ==========  ==========
2000
  Allowance for Doubtful Accounts.......    $848,000     $556,000    $(216,000)  $1,188,000
                                            ========     ========    ==========  ==========



SIGNATURES

Pursuant to the requirements of Section 13 or 15(d) of the Securities
Exchange Act of 1934, the Registrant has duly caused this Report to be signed on
its behalf by the undersigned, thereunto duly authorized.

INTERNET SECURITY SYSTEMS, INC.

By: /s/ Richard Macchia
------------------------------------
Richard Macchia
Vice President and Chief Financial
Officer

By: /s/ Maureen Richards
------------------------------------
Maureen Richards
Corporate Controller
Dated: March 30, 2001

POWER OF ATTORNEY

KNOW ALL PERSONS BY THESE PRESENTS, that each person whose signature
appears below hereby severally constitutes and appoints, Thomas E. Noonan,
Richard Macchia and Maureen Richards, and each or any of them, his true and
lawful attorney-in-fact and agent, each with the power of substitution and
resubstitution, for him in any and all capacities, to sign any and all
amendments to this Annual Report (Form 10-K) and to file the same, with exhibits
thereto and other documents in connection therewith, with the Securities and
Exchange Commission, hereby ratifying and confirming all that each said
attorney-in-fact and agent, or his substitute or substitutes, may lawfully do or
cause to be done by virtue hereof.

Pursuant to the requirements of the Securities Exchange Act of 1934, this
Report has been signed below by the following persons on behalf of the
Registrant and in the capacities and on the dates indicated.



                    NAME                                  TITLE                    DATE
                    ----                                  -----                    ----

/s/ Thomas E. Noonan                          Chairman, President and Chief   March 30, 2001
--------------------------------------------  Executive (Principal
Thomas E. Noonan                              Executive Officer)

/s/ Christopher W. Klaus                      Chief Technology Officer,       March 30, 2001
--------------------------------------------  Secretary and Director
Christopher W. Klaus

/s/ Richard Macchia                           Vice President and Chief        March 30, 2001
--------------------------------------------  Financial Officer
Richard Macchia

/s/ Richard S. Bodman                         Director                        March 30, 2001
--------------------------------------------
Richard S. Bodman

/s/ Robert E. Davoli                          Director                        March 30, 2001
--------------------------------------------
Robert E. Davoli

/s/ Sam Nunn                                  Director                        March 30, 2001
--------------------------------------------
Sam Nunn

/s/ Kevin J. O'Connor                         Director                        March 30, 2001
--------------------------------------------
Kevin J. O'Connor

/s/ David N. Strohm                           Director                        March 30, 2001
--------------------------------------------
David N. Strohm



CONSENT OF INDEPENDENT AUDITORS

We consent to the reference to our firm under the caption "Experts" in the
Registration Statement (Form S-3 No. 333-87557) and related prospectus of
Internet Security Systems, Inc. for the registration of 723,987 shares of Common
Stock and to the incorporation by reference therein of our report dated January
21, 2000, with respect to the consolidated financial statements and schedule of
Internet Security Systems, Inc. included in this Annual Report (Form 10-K) for
the year ended December 31, 1999, filed with the Securities and Exchange
Commission.

We also consent to the incorporation by reference in the Registration
Statements and in the related prospectuses of Internet Security Systems, Inc.
listed below of our report dated January 21, 2000, with respect to the
consolidated financial statements and schedule of Internet Security Systems,
Inc. included in this Annual Report (Form 10-K) for the year ended December 31,
1999:

Registration Statement No. 333-53279 on Form S-8 (Restated 1995 Stock
    Incentive Plan)
Registration Statement No. 333-89563 on Form S-8 (Internet Security Systems
    Inc. 1995 Stock Incentive Plan, 1999 Employee Stock Purchase Plan, 1999
    International Employee Stock Purchase Plan, Netrex, Inc. 1998 Stock Plan)

/s/ ERNST & YOUNG LLP

Atlanta, Georgia
March 23, 2001
