Internet Security Systems Launches New Service To Protect Retail Organizations

Company’s First Vertical Offering To Prevent Theft of Sensitive Customer Data, Assist Retailers in Complying with Payment Card Industry (PCI) Standard

ATLANTA — September 20, 2005 — Internet Security Systems (ISS) (NASDAQ: ISSX) today announced that it is offering a new security solution tailored specifically to help retail organizations. Building on its Proventia® Enterprise Security Platform (ESP) and the company’s in-depth security intelligence and consulting experience, ISS has developed the ISS ESP for Retail Organizations, a seamless process for addressing the specific business needs, compliance concerns and traditional security vulnerabilities of retailers.

Retail has been one of the industries most targeted by hackers in 2005, alongside financial services. At the same time, retail significantly lags behind other industries when it comes to IT security. The ISS ESP for Retail Organizations has been designed to close this security gap and help prevent increasingly common incidents such as the highly-publicized theft of customer data from DSW Shoe Warehouse uncovered in March 2005.

“In light of all the recent customer data breaches at major companies, this solution is very timely,” said Loren Rudd, research analyst at Frost & Sullivan. “In today’s ever-changing security environment, large retailers just cannot afford to take chances with their information systems.”

ISS products and services are currently used by six out of the top 10 biggest U.S. retail organizations. Through this new offering, ISS will help additional retail companies maintain business continuity during the holiday shopping season, safeguard the privacy of their customers’ personal data, shield critical systems and achieve compliance with the newly-enforced Payment Card Industry (PCI) standard. The PCI standard was developed by MasterCard and Visa to mandate specific computer security measures for all organizations that process, store or transmit cardholder data. Retailers were given until June 30, 2005 to comply with the standard.

“An alarming trend is on the rise involving retailers’ own employees working with hackers to place keyboard protectors over card readers to secretly record credit card numbers and pins,” said Ray Gazaway, vice president of Professional Security Services at ISS. “Through our new offering, ISS will be protecting retailers against this issue and other types of data scams.”

ISS will assist retail organizations in minimizing risks, like those mentioned above, by enacting a “defense in depth” approach, combining the forces of education, processes and technology to build comprehensive protection plans for customers. Specifically, ISS will lead retail customers through the following phases:

IRCE 2008 Conference Multi-Media CD-ROM

• Establish – Assess current state of security and risks

• Evaluate – Determine the people, processes and technology needed to achieve security best practices while generating policies and procedures to alleviate risks

• Enforce – Implement preemptive security technology at vulnerable points, while managing and monitoring state of security 24/7/365; develop incident response (back-up) plan for critical systems, educate employees and shareholders, respond to security events as needed and provide comprehensive reports on security events

• Evaluate – Justify cost of security measures and maintain regulatory compliance

The ISS Enterprise Security Platform for Retail Organizations is available now. For further information on retail security, please see the ISS white paper, “Open for Business – And Wide Open for Theft,” at: http://documents.iss.net/ISS_Retail_Exec_Brief.pdf

About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS’ X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.

This release, other than historical information, includes forward-looking statements made pursuant to the “safe harbor” provisions of the Private Securities Litigation Reform Act of 1995. Some of these forward-looking statements include those describing future security services not yet released. The risks and uncertainties which could cause actual results to differ materially from those in the forward-looking statements include, but are not limited to, the following: the level of demand for ISS’ products; product and price competition; the extent to which unauthorized access to and use of online information is perceived as a threat to network security; customer budgets; risks concerning the rapid change of technology; and general economic factors. These risks and others are discussed in ISS` periodic filings with the Securities and Exchange Commission. These filings can be obtained either by contacting ISS Investor Relations or through the Securities and Exchange Commission`s Web site at http://www.sec.gov.

###

Internet Security Systems is a trademark and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.