UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 10-K

Commission file number 0-23655

INTERNET SECURITY SYSTEMS, INC.

(Exact name of Registrant as Specified in Its Charter)

Registrant’s telephone number, including area code:  (404) 236-2600

Securities registered pursuant to Section 12(b) of the Act: None

Securities registered pursuant to Section 12(g) of the Act:

Common Stock, $0.001 par value

Preferred Stock Purchase Rights

(Title of Class)

     Indicate by check mark whether the Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.

     Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of Registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.    x

     Indicate by check mark whether the registrant is an accelerated filer (as defined in Exchange Act Rule 12b-2).    Yes    x         No    o

     The aggregate market value of the voting stock held by non-affiliates of the Registrant, based upon the closing sale price of Common Stock on June 30, 2004 as reported on the Nasdaq National Market, was approximately $559 million (affiliates being, for these purposes only, directors, executive officers and holders of more than 5% of the Registrant’s Common Stock).

     As of March 3, 2005 the Registrant had 50,876,113 outstanding shares of Common Stock.

DOCUMENTS INCORPORATED BY REFERENCE

     Portions of the Proxy Statement for the Registrant’s Annual Meeting of Stockholders to be held on May 24, 2005 are incorporated by reference into Part III of this Form 10-K.

     In this Form 10-K, the words “Internet Security Systems,” “ISS,” “the Company,” “we,” “our,” “ours,” and “us” refer to Internet Security Systems, Inc., and its subsidiaries.

      This Annual Report on Form 10-K contains forward-looking statements. Forward-looking statements can be identified by the use of words such as “may,” “will,” “should,” “could,” “continue,” “future,” “potential,” “believe,” “project,” “plan,” “intend,” “seek,” “estimate,” “predict”, “expect”, “anticipate” and similar expressions, or the negative of such terms, or other comparable terminology. Forward-looking statements also include the assumptions underlying or relating to any of the foregoing statements. Our actual results could differ materially from those anticipated in these forward-looking statements as a result of various factors, including those set forth below under the caption “Risk Factors” and those otherwise described from time to time in our Securities and Exchange Commission reports filed after this Form 10-K. All forward-looking statements included in this Form 10-K are based on information available to ISS on the date hereof. We assume no obligation (except where required by law) to update any forward-looking statements for any events or circumstances occurring after the date of this Form 10-K.

      Internet Security Systems, Network ICE, System Scanner, Wireless Scanner, SiteProtector, SecurePartner and X-Press Update are trademarks and service marks, BlackICE is a licensed trademark and the Internet Security Systems logo, X-Force, Proventia, RealSecure, Internet Scanner, and Database Scanner are registered trademarks and service marks, of Internet Security Systems, Inc. Each trademark, trade name or service mark of any other company appearing herein belongs to its holder.

PART I

Introduction

      Internet Security Systems, Inc. is a trusted security expert to global enterprises and world governments, providing software, appliances and services that protect IT infrastructure against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise for customers worldwide. ISS products and services are based on the proactive security intelligence conducted by its research and development team. With headquarters in Atlanta, ISS operates throughout the Americas, Asia, Australia, Europe and the Middle East. ISS is publicly traded on the Nasdaq (ISSX).

      The mailing address for our headquarters is 6303 Barfield Road, Atlanta, Georgia, 30328, and our telephone number at that location is (404) 236-2600. Our website can be found at www.iss.net. We make available free of charge through our website our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, and Current Reports on Form 8-K, and amendments to those reports, as soon as reasonably practicable after we file them electronically with, or furnish them to, the Securities and Exchange Commission. Our Corporate Governance Guidelines and Code of Conduct are also available on our website and are available in print to any stockholder who mails a request to our headquarters, attention to the Corporate Secretary. Our website also contains other corporate governance-related documents that may be of interest to stockholders. The information on our website is not part of this Form 10-K.

      ISS software and appliance products provide preemptive security across all layers of IT infrastructure: network gateways, servers and endpoint devices like PCs, laptops and handhelds. Our products incorporate a variety of security technologies, including intrusion prevention systems (IPS), intrusion detection systems (IDS), firewall and virtual private networking (VPN), content security, web filtering, antispam, antivirus, vulnerability assessment and security management. Our primary product line for enterprises consists of Proventia® appliances. We expect to introduce Proventia software products in 2005. We continue to market and sell our legacy brand of RealSecure® software solutions. And we offer two small office and consumer

products, BlackICE^tm PC Protection and BlackICE Server Protection software. Below is a more detailed overview of ISS’ product offerings organized by security technology.

      We use a range of fee structures to license our products, depending on the type of product and the intended use. Fees for our product line can be comprised of three components: 1) a platform fee, which includes the hardware and a perpetual or term license to the underlying software; 2) annually renewable software and hardware maintenance, which includes technical support and repair; and, 3) annually renewable content subscriptions, which provide security updates. A variety pricing structures are offered to fit different customer environments.

      ISS offers Proventia intrusion prevention appliances to preemptively protect enterprise network gateways, the connections between the network and the outside world. These appliances proactively block malicious attacks from entering the network and are available in a variety of models rated for speed and capacity. In 2005, ISS expects to introduce two new Proventia software products with intrusion prevention technology for servers and endpoint PC desktops and laptops.

      ISS offers Proventia intrusion detection appliances for network IDS, forensics and response technology. These appliances come in a range of models with varying speeds and capacity. ISS continues to maintain its legacy IDS products, RealSecure Network 10/100 and RealSecure Network Gigabit software.

      ISS offers Proventia integrated security appliances to provide robust protection for remote and branch offices that are simple to deploy and manage. These appliances combine intrusion prevention, firewall, VPN, Web filtering, antispam and antivirus in a single device and come in a range of models with varying speeds and capacity.

      ISS offers Internet Scanner® software for comprehensive vulnerability assessment across enterprise networks, servers, desktops and wireless networks.

      ISS offers Proventia Mail Filter and Proventia Web Filter for content security. Proventia Mail Filter monitors the content of your e-mail traffic, eliminating spam and blocking undesirable or illegal content. Proventia Web Filter blocks unwanted Web content.

      ISS offers the SiteProtector centralized management system for scalable, centralized management of all ISS products. SiteProtector significantly reduces demand on staff and other operational resources. The SiteProtector Security Fusion module uses advanced data correlation and analysis to derive the likelihood of a successful attack from aggregated vulnerability assessment information. The SiteProtector Third Party module interfaces with market leading firewalls — such as CheckPoint and Cisco PIX — to automate the collection of audit and intrusion detection events into the SiteProtector system for advanced analysis.

      We continue to offer BlackICE PC Protection and BlackICE Server protection software for powerful, affordable firewall and intrusion detection for the consumer and small office product market.

      ISS offers both professional and managed security services to help enterprise customers reduce the risk of online attacks. Professional Security Services from ISS help enterprises plan and implement a security strategy with assessment, design, deployment, management and education services. For organizations lacking the time, expertise or appropriate internal resources to effectively secure their corporate networks and online resources, we offer Managed Security Services. Our Managed Security Services provide 24/7 monitoring and management, advanced correlation, event prioritization and rapid incident response upon detection.

      Managed security services fees are determined by the complexity of the monitoring arrangement and by the number of devices being monitored. These fees are typically billed monthly as services are performed. Our professional services fees are calculated either on a fixed-fee basis or an hourly rate per consultant based on the scope of the engagement, market sector and geographical territory. Educational services are calculated on a per-class basis.

      ISS offers technical support to customers worldwide. Our standard annual support contract provides 24x7 telephone technical support, 24x7 online support incident submission and tracking, product updates and enhancements, access to the True Blue Customer Portal, online incident submission and tracking, priority notification of new and emerging security threats, and unlimited access to the ISS Knowledgebase and X-Force Threat and Vulnerability Database. North America customers may upgrade their standard support contracts to select support or premium support for better response times, access to senior technical support, and other services. Maintenance agreements are generally renewable annually.

      As of the end of fiscal 2004, our worldwide sales and marketing organization consisted of 363 individuals, including managers, sales representatives, and technical support personnel. We have field sales offices in 22 countries and sell our products and services both directly and through a variety of channels with support from our sales force. A substantial portion of our products and services are sold through our channel partners and the remainder are sold through direct sales. Our channel partners include system integrators, service providers, other resellers, distributors, and retail partners. During 2004, indirect sales accounted for 68% of product licenses sold.

      System integrators and service providers typically sell directly to end users and often provide system installation, technical support, professional services, and other support services in addition to security product sales. System integrators also typically integrate our products into an overall solution. Distributors typically sell to system integrators, service providers, and other resellers who sell to the end customer, a two-tier system. Revenue from the channel is recognized based on the sell-through method, meaning that the sale has occurred with the channel for an identified end user.

      Our sales organization is divided into three geographic areas: the Americas (United States, Canada, Latin America and South America), EMEA (Europe, Middle East and Africa) and Asia/ Pacific. These geographic areas represent our three reportable segments. The accounting policies of the reportable geographic segments are the same as described under the caption “Critical Accounting Policies” in “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and in our consolidated financial statements, and are applied consistently across the segments. Revenues, as a percentage of total revenues, for each segment are as follows:

      Our marketing activities include market segment and competitive analysis, strategic brand and product planning, public relations, industry analyst relations and education; publication of technical and educational articles in both print and online media (through our white papers, and through our own print and online

newsletters and/or magazines); direct mail and email; participation in industry tradeshows; product/technology conferences, seminars, and web casts; competitive analysis; sales training; advertising and development and distribution of marketing literature; and maintenance of our Web site.

      We provide products and services to a variety of customers worldwide, including many of the world’s largest banks, IT companies, telecommunications providers, auto manufacturers and insurance providers. We view our primary customers as enterprise, service provider and risk management enterprises, but we have also developed products and services for the consumer and small office market. Our enterprise market customers generally have annual revenues exceeding $500 million.

      Our X-Force research organization is a group of security experts who investigate security flaws in software that could become the target of online attacks as well as emerging threats that appear on the Internet. From X-Force research, we develop updates for our products and services to protect against the latest vulnerabilities and threats. These updates quickly and easily self-install into our software and appliances. X-Force research and analysis is a differentiator for our offerings, which help keep our customers ahead of online threats. By researching the actual vulnerabilities, or weak spots in software that become the point of entry for new attacks, we create protection updates that shield the weak spots, often before a threat is even developed.

      The X-Force organization operates out of our Global Threat Operations Center — which is a specialized threat intelligence facility in Atlanta that collects security trend information from our five state-of-the-art Security Operations Centers operating on three continents — to analyze the nature and severity of any threat in real-time. The X-Force then helps deliver our solutions to market via alerts, advisories, product updates, professional services, emergency response services and 24/7 remotely managed security services. In addition, the X-Force produces a fee-based X-Force Threat Analysis Service for customers that require immediate, comprehensive notification of security events, threats and vulnerabilities.

      We use a multiple product sourcing strategy that includes internal development, licensing from third parties, and acquisitions of technologies or companies. Beginning in the second quarter of 2003, we began to aggressively transition our product development efforts from primarily software-based products towards our Proventia appliance products that deliver network protection solutions on ISS-branded network hardware. These appliances improve protection and flexibility for customers, and reduce costs through simple procurement, deployment and management. We have incorporated a modular design in our software products to permit plug-and-play capabilities, although customers often use our professional services or our strategic partners to install and configure products for use in larger or more complex network systems.

      We use strategic acquisitions and partnerships as necessary to provide certain technology, people and products for our overall product and services strategy. We consider both time to market and potential market share growth when evaluating partnerships, acquisitions of technologies, product lines or companies.

      The market for network security monitoring, detection, prevention and response solutions is intensely competitive, and we expect competition to increase in the future. We believe that the principal competitive factors affecting the market for information security solutions include security effectiveness, manageability, technical features, performance, ease of use, price, scope of product offerings, professional services capabilities, distribution relationships and customer service and support. Although we believe that our solutions generally compete favorably with respect to such factors, we cannot guarantee that we will compete successfully against current or potential competitors, especially those with significantly greater financial resources or brand name recognition.

      We compete against many companies who offer competing products to our technology solutions and competing services to our response and support. Some of the companies we compete against are Symantec, McAfee Security (formerly Network Associates), Checkpoint, and Cisco. In addition, we compete with large technology companies such as Computer Associates, IBM, and Microsoft that may offer network and system protection products as enhancements to their operating systems; we also face competition from smaller companies and shareware authors that may develop competing products.

Customers

      No customer accounted for more than 10% of our consolidated revenues in 2004, 2003 or 2002. Target customers include both public and private sector organizations, as well as consumers, that use Internet protocol enabled information systems. Business customers represent a broad spectrum of organizations within diverse sectors, including financial services, technology, telecommunications, and government and information technology services.

Intellectual Property

      We rely primarily on copyright, trademark, patent and trade secret laws, confidentiality procedures and contractual provisions to protect our intellectual property and other proprietary rights. We have obtained one United States patent, one Taiwanese patent and have a number of patent applications pending in the United States and certain foreign jurisdictions. We believe that the technological and creative skills of our personnel, new product developments, frequent product enhancements, our name recognition, our professional services capabilities and delivery of reliable product maintenance are essential to establishing and maintaining a technology leadership position. We cannot assure you that our competitors will not develop technologies that are similar to ours. We generally license our software products to end users in object code (machine-readable) format. Some of our customers have required us to maintain a source-code escrow account with a third-party software escrow agent, and a failure by us to perform our obligations under any of the related license and maintenance agreements, or our insolvency, could result in the release of our product source code to such customers. The standard form license agreement for our software products allows the end user to use our products solely on the end user’s computer equipment for the end user’s internal purposes, and the end user is generally prohibited from sublicensing or transferring the products.

      Despite our efforts to protect our intellectual property, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products is difficult. While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Risk Factors.”

Employees

      As of December 31, 2004, we had 1,200 employees, of whom 276 were engaged in product research and development, 363 were engaged in sales and marketing, 280 were engaged in customer service and support, 96 were engaged in professional services, and 185 were engaged in administrative functions. We believe that we have good relations with our employees.

      We currently lease three buildings totaling approximately 289,000 square feet in Atlanta, Georgia for our headquarters and research and development facility. The lease on these three buildings expires in May 2013.

      We lease additional office space in Chicago, Illinois; Mountain View, California; Southfield, Michigan; New York, New York; Paramus, New Jersey and Washington, D.C., as well as small executive suites in a number of United States cities. In addition, we lease office space in Sao Paulo and Rio de Janeiro, Brazil; Buenos Aires, Argentina; Mexico City, Mexico; Brussels, Belgium; London, England; Paris, France; Kassel

and Stuttgart, Germany; Stockholm, Sweden; Milan, Rome and Padova, Italy; Madrid, Spain; Zurich, Switzerland; Amsterdam, Netherlands; Warsaw, Poland; Cairo, Egypt; Seoul, Korea; Brisbane, Australia; Singapore; and Osaka and Tokyo, Japan.

      We believe that our existing facilities are adequate for our current needs and that additional space will be available as needed.

      On August 17, 2004, the Company filed in the United States District Court for the Northern District of Georgia a declaratory judgment action (the “Georgia Action”) against SRI International, Inc. (“SRI”). The action seeks the court’s declaration that the Company’s products and services do not infringe any valid claim of five patents held by SRI and seeks declaration that certain claims of those patents are invalid. SRI has filed a motion to dismiss the action, which the Company has opposed. On August 26, 2004, SRI filed in the United States District Court for Delaware a complaint against the Company and Symantec Corporation (the “Delaware Action”). The complaint in the Delaware Action alleges that the Company’s SiteProtector and Proventia products infringe upon claims of two of the five patents at issue in the Georgia Action. The Delaware Action seeks unspecified damages and injunctive relief. The Company has filed a motion to dismiss the Delaware Action, which SRI has opposed. The Company intends to defend the Delaware Action vigorously and believes it has meritorious defenses.

      No matter was submitted to a vote of our stockholders during the fourth quarter of 2004.

PART II

      Our Common Stock is quoted on the Nasdaq National Market under the symbol “ISSX”. The following table lists the high and low per share sales prices for the Common Stock as reported by the Nasdaq National Market for the periods indicated:

      As of March 3, 2005, there were 50,876,113 shares of our Common Stock outstanding held by 264 stockholders of record.

      We have never declared nor paid cash dividends on our capital stock. We intend to retain any earnings for use in our business and do not anticipate paying any cash dividends in the foreseeable future. Our Board of Directors will determine future dividends, if any.

      On October 29, 2003, ISS announced a voluntary option exchange program intended to reduce the number of outstanding options. Stock options with exercise prices exceeding $30 per share were eligible. Our directors and five most senior executive officers, including the chief executive officer, were not eligible to participate in the program. Approximately 783,000 of the 1,343,000 eligible option shares with exercise prices between $30 and $83 per share elected to participate in the program and these options were cancelled on November 27, 2003. New options totaling approximately 313,000 shares were issued on June 1, 2004. This transaction is exempt from registration under Section 3(a)(9) of the Securities Act of 1933.

      Information on our securities authorized for issuance under our equity compensation plans is incorporated by reference from our Proxy Statement for our 2005 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission in Item 12 of Part III of this Annual Report on Form 10-K.

Purchases of Equity Securities

      The following table provides information about purchases by ISS of its common stock during the three months ended December 31, 2004. All such purchases were made in open-market transactions pursuant to a repurchase plan publicly announced on July 21, 2004. Under this repurchase plan, ISS has been authorized by the Board to repurchase up to $50.0 million of its outstanding common stock over the 12 months ending July 19, 2005.

      The financial data set forth below for each of the three years in the period ended December 31, 2004 and as of December 31, 2004 and 2003 has been derived from the audited consolidated financial statements appearing elsewhere in this Annual Report on Form 10-K. The financial data for the years ended December 31, 2001 and 2000 and as of December 31, 2002, 2001 and 2000 has been derived from audited financial statements not included herein. This data should be read in conjunction with the consolidated financial statements and notes thereto, and with Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations”.

      The following Management’s Discussion and Analysis of Financial Condition and Results of Operations should be read in conjunction with the Consolidated Financial Statements and related Notes thereto included elsewhere in this Form 10-K. Except for the historical financial information, many of the matters discussed in this Item 7 may be considered “forward-looking” statements. Such forward-looking statements are not guarantees of future performance and involve a number of risks and uncertainties. Many of the risks and uncertainties are described below under the caption “Risk Factors”.

Overview

      We focus on providing enterprise-wide pre-emptive protection. We provide such protection with our comprehensive line of products and services. These include ISS’ SiteProtector centralized management system; a product family consisting of network and host intrusion prevention, integrated security appliances, desktop protection and vulnerability protection; and ISS’ Managed Security Services and Professional Security Services. The integrated security appliance includes, in addition to intrusion prevention, firewall, virtual private network, anti-virus protection, content filtering and e-mail security, including anti-spam.

      This combination of products and services forms our Proventia Enterprise Security Platform (ESP), which contributes to business process optimization by maintaining a delicate balance between IT-performance, availability and risk — ultimately stopping cyber threats before they impact operations. Unlike traditional approaches to security, which focus on improving reaction times, Proventia ESP is designed to avoid security incidents by combining continuous vulnerability assessment and threat prevention with enterprise-wide information management and reporting capabilities. Our objective is to enable companies to shield security vulnerabilities across their entire IT infrastructure — before attacks are released.

      We currently plan to continue to evolve the Proventia Enterprise Security Platform by further automating enterprise security policy and delivering it within the context of existing IT processes.

      Our managed services offerings currently provide remote management of our best-of-breed security technology, focusing on security assessment and intrusion detection, intrusion prevention and desktop protection systems, and include firewalls, VPNs, anti-virus and URL filtering software. We focus on serving as the trusted security provider to our customers by maintaining within our existing products the latest counter-measures to security risks, creating new innovative products based on our customers’ needs and providing professional and managed services.

      Many factors will affect our future financial performance, especially our ability to differentiate our offerings from competitors that include much larger companies with greater marketing capabilities, financial resources and brand recognition. In order to continue to create such differentiation, we expect to continue to expand our domestic and international sales and marketing operations, seek acquisition candidates and alliances with partners whose products, technologies or services capabilities are complementary to our solutions; and improve our internal operating and financial infrastructure in support of our strategic goals and objectives. At the same time, we expect to adjust our organization size in light of changing economic conditions and maintain emphasis on controlling discretionary spending and capital expenditures. While we believe in the long-term success of our business solutions, our prospects must be considered in light of the recent experience, risks and difficulties that are frequently encountered by companies serving rapidly evolving markets. See “Risk Factors”.

Critical Accounting Policies

      The consolidated financial statements were prepared in conformity with U.S. generally accepted accounting principles (“GAAP”). As such, management is required to make certain estimates, judgments and assumptions it believes are reasonable based upon the information available. These estimates and assumptions affect the reported amounts of assets and liabilities at the date of the financial statements and the reported amounts of revenues and expenses during the periods presented. The significant accounting policies which

management believes are the most critical to aid in fully understanding and evaluating our reported financial results include the following:

      We recognize revenue in the following categories:

      We recognize software license revenue under Statement of Position (“SOP”) 97-2, Software Revenue Recognition, as modified by SOP 98-9, Software Revenue Recognition with Respect to Certain Transactions, when the following criteria have been met:

      We recognize perpetual software license revenues, assuming all other revenue recognition criteria are met, upon (1) delivery of the software and (2) issuance of the related license, assuming that no significant vendor obligations or customer acceptance rights exist. Where payment terms are extended over periods greater than twelve months, revenue is recognized as such amounts become due and payable. Revenue is also deferred when payment terms are extended for periods less than twelve months and such sales are deemed either not to be fixed or determinable or collection is not probable based on evaluation of all terms of the transaction.

      Product sales consist primarily of appliances sold in conjunction with ISS licensed software. These sales are recognized upon shipment to the customer provided all other revenue recognition criteria for software license revenue recognition are met.

      Sales of products are generated both through direct sales to end-users as well as through various partners, including system integrators, value-added resellers and distributors. Revenue from product licenses and sales is recognized when the sale has occurred for an identified end user, provided all other revenue recognition criteria are met. We offer evaluation software available via download from our website and evaluation units for appliance-based products that allow potential customers to see the functionality of the products on their own networks prior to purchase. At the point of delivery, the customer has no right of return.

      Renewable product support and content updates are separate components of product licenses and sales. Security monitoring and management services for information assets and systems are part of managed services and associated revenues are recognized and billed as such services are provided. Term licenses allow customers to use our products and receive product support coverage and content updates for a specified period, generally twelve months. We generally invoice for product support, content updates and term licenses at the beginning of the term and recognize revenue ratably over the subscription term.

      Historically, our appliance and software sales have been accounted for primarily as revenue at the time of sale, with product support and content updates generally representing between 20% and 30% of the license or product amount. The majority of the initial price paid by the customer for certain Proventia integrated security

appliance models currently is for selected content blades, which customers acquire for a specified term that is recognized over such term as subscription revenue. The Company is considering changing the pricing model for our Proventia integrated security appliances to our historical model. Under this model customers would acquire the appliance and all content blades, which would be recorded as product revenue in the period of sale, and pay annual support and content fee in the historical range of 20% to 30% of the product amount.

      Service engagements are typically billed on either a fixed fee or time-and-materials basis and primarily consist of security assessments of customer networks and the development of customers’ security policies. These offerings are intended to support our goal of providing products and managed services. We prefer to have our partners provide these services where practical. We recognize such professional services revenues as the related services are rendered.

      Our sales of product and/or software licenses are multiple element arrangements that include product support and content updates and may include other subscription or professional services delivered after the product or software license. Revenue is generally recognizable before delivery of every element of the arrangement when all of the following requirements exist:

      We recognize the difference between the total arrangement fee and the amount deferred for the undelivered elements as product and license revenues. We allocate revenue to the delivered products and licenses using the residual method. Under the residual method, we allocate discounts inherent in the arrangement to products and product support and content updates associated with products that are initially delivered and recognize the other elements as they are delivered based on the VSOE, which is determined based on transactions where the company sells those elements separately. We determine fair value of the undelivered elements based on historical evidence of our stand-alone sales of these elements to third parties.

      Our sales are global, with customers located in the Americas, EMEA, and Asia/ Pacific regions. We perform periodic credit evaluations of our customer’s financial condition and do not require collateral. We provide for estimated credit losses as such losses become probable. We evaluate specific accounts when we become aware of a situation where a customer may not be able to meet its financial obligations due to deterioration of its liquidity or financial viability, credit ratings or bankruptcy. The allowance for doubtful accounts is established based on the best facts available to us and is reevaluated and adjusted as additional information is received. At December 31, 2004, the allowance for doubtful accounts totaled $3.1 million, or 4.0% of the $78.5 million of total trade receivables. This 4.0% allowance of receivables reflects our practice to leave accounts on our general ledger and provide reserves pending final resolution of collectibility rather than to write-off such accounts.

      Our bad debt expense for the year ended December 31, 2004 amounted to $1.2 million compared to $1.1 million in 2003 and $2.1 million in 2002. The provision for 2004 was a lower percentage of total revenues compared to 2003 due to the continued absence of any significant new identified exposures for the second straight year.

      We continued to monitor the Asia situation that contributed to the higher bad debt expense level in 2002. In January 2004, a new distributor for China assumed the rights and the obligations of the distribution agreement for ISS products from the old distributor. In connection with this agreement, we modified the new distributor’s obligations, which resulted in an additional $200,000 of bad debt expense recorded in the fourth

quarter of 2003 and the write-off of $1.1 million against the allowance account. We established a firm repayment schedule and have received timely payments under this schedule. The remaining balance, which has been reduced to $630,000 at January 31, 2005, is scheduled to be paid in the first half of 2005.

      While actual credit losses have historically been within management’s expectations and the provisions established, we cannot guarantee that we will continue to experience the same credit loss rates we have in the past. If the financial condition of our customers were to deteriorate, resulting in an impairment of their ability to make payments, additional allowances may be required.

      We review goodwill for impairment on an annual basis or on an interim basis whenever events or changes in circumstances indicate that the carrying amount of an asset may not be recoverable. All other long-lived and intangible assets are reviewed for impairment whenever events or circumstances indicate that the carrying amount of an asset may not be recoverable. Such impairment loss would be measured as the difference between the carrying amount of the asset and its fair value based on the present value of estimated future cash flows. Significant judgment is required in the forecasting of future operating results, which are used in the preparation of projected cash flows. Due to uncertain market conditions and potential changes in our strategy and products, it is possible that forecasts used to support our intangible assets may change in the future, which could result in significant non-cash charges that would adversely affect our results of operations.

      We currently have goodwill and other acquisition related intangibles of approximately $244 million, with $195 million of goodwill related to our June 2001 acquisition of Network ICE Corporation (“Network ICE”) and $24 million of goodwill related to the January 2004 acquisition of Cobion, a privately held company based in Kassel, Germany (“Cobion”). The determination of whether or not goodwill is impaired involves significant judgments based upon short and long-term projections of future performance. We have concluded that this amount is realizable based on forecasted discounted cash flows through 2008 and on our stock market valuation. Neither method indicated that our goodwill had been impaired and, as a result, we did not record any impairment losses related to goodwill during the year ended December 31, 2004. Other intangibles of approximately $20 million are principally acquired technology from the Network ICE and Cobion acquisitions that are components in our current product offerings.

      On December 16, 2004, the Financial Accounting Standards Board issued SFAS Statement No. 123 (revised 2004) (SFAS 123R), Share-Based Payment, which is a revision of SFAS Statement No. 123, Accounting for Stock-Based Compensation. SFAS No. 123R supersedes APB Opinion No. 25, Accounting for Stock Issued to Employees. Statement 123R requires all share-based payments to employees, including grants of employee stock options, to be recognized in the financial statements based on their fair values (i.e., pro forma disclosure is no longer an alternative to financial statement recognition). Statement 123R is effective for public companies at the beginning of the first interim or annual period beginning after June 15, 2005.

      The Company expects to adopt SFAS 123R on July 1, 2005. SFAS 123R allows for either prospective recognition of compensation expense or retrospective recognition, which may be back to the original issuance of SFAS 123 or only to interim periods in the year of adoption. The Company is currently evaluating these transition methods and the impact SFAS 123R will have on the financial statements.

Acquisitions

      We believe that our total solutions approach will positively impact all of our revenue categories. This includes our products and managed services offerings, as well as product support, professional services and training. While we expect the expansion of these product and service offerings to originate primarily from internal development, our strategy includes acquiring products, technologies and service capabilities that fit within our strategy and could potentially accelerate the timing of the commercial introduction of such products and technologies.

      In January 2004, we acquired Cobion. Cobion provides content filtering and anti-spam technology that protects individuals and enterprises against unwanted Web content, spam, misuse of information and lost productivity. The purchase price was approximately $33 million in cash plus the direct costs of acquisition. The Cobion product continues to be sold on a stand-alone basis and through OEM relationships and is a component of our integrated security appliance.

      In October 2002, we completed the acquisition of privately held vCIS, Inc. (“vCIS”) of Santa Clara, California, a developer of patent-pending, next-generation, pre-emptive behavioral inspection technology. The technology prevents malicious code from executing and causing damage before it has an opportunity to interact with the enterprise network. The aggregate purchase price was $19.6 million and was primarily allocated to in-process research and development. In-process research and development had not yet reached technological feasibility and was required to be expensed at the time of acquisition under GAAP. As a result, we incurred an expense of $18.5 million in the fourth quarter of 2002. Of the remaining purchase price, $1.2 million was allocated to the assembled workforce, which is being amortized over three years, $200,000 was allocated to net tangible assets, principally fixed assets, and $300,000 of liabilities were assumed. In the fourth quarter of 2003 we committed to a plan to close the research and development facility in Sydney, Australia, transferred knowledge of the product to our Atlanta-based personnel, and wrote off the remaining approximately $700,000 of the intangible asset related to the vCIS workforce. The closing of the Sydney facility was completed in the first half of 2004.

      In August 2002, Internet Security Systems KK (“ISS KK”), our Asia-Pacific subsidiary, acquired a distributor in Singapore, TriSecurity Holdings Pte Ltd. (“TriSecurity”). TriSecurity was the sole distributor for ISS KK in Southeast Asia, including India, and its business was almost exclusively focused on ISS solutions. This acquisition provides our Asia-Pacific subsidiary direct support capabilities for their customers in Southeast Asia and allows ISS KK to expand its capabilities in this growing market. The consideration consisted of 1,000 shares of ISS KK stock and approximately $1.2 million of cash. Goodwill of approximately $4.0 million related to the purchase was recorded. During the first quarter of 2003, ISS KK amended the agreement and agreed to make payment of 245 shares of ISS KK in each of the first quarters of 2004 and 2005, relating to annual contingent consideration payments defined in the 2002 purchase agreement. Due to regulatory issues, the agreement was amended prior to the 2004 payment to make the 2004 and 2005 payments in cash in lieu of shares. Additional consideration of $498,000 was paid in February 2004 based on the fair market value of the 245 shares, and is reflected in goodwill at December 31, 2004.

Results of Operations

      The following table sets forth our consolidated historical operating information, as a percentage of total revenues, for the periods indicated:

Revenues

      Since the second quarter of 2003, we have offered the Proventia family of network protection appliances that collectively provides unified, multi-function protection capabilities designed to identify and prevent many forms of attack with minimal user intervention. These products are designed to operate in demanding network environments while being easy to deploy, easy to use and centrally managed, all in an effort to make our solution more cost-effective. The market response has been dramatic as Proventia grew from 23% of product license and sales revenues in its year of introduction to 53% in 2004.

      Product licenses and sales increased by 18% in 2004 from 2003 due to this positive market response to our Proventia line, reversing a decreasing trend for the previous three years. This revenue category decreased slightly to 43% of total revenues in 2004 compared to 44% in 2003 and 50% in 2002 as subscription revenues continued to grow significantly.

      Our future growth is dependent on a continuation of the positive market response to our Proventia family of products. We expect to extend Proventia to our server and PC desktop and laptop solutions delivered as software offerings. Our present product roadmap also focuses on product offerings and enhancements that will continue to improve central control and manageability, easier deployment and more refined information as well as broader Proventia appliance offerings. We expect that this focus will continue to make our products more cost effective to implement and maintain the goal of increasing the future level of product licenses and sales. This expected growth is critical as it represents not only product and license revenues, but also subscription revenues from product support and content.

      Subscription revenues consist of product support and content updates, security-monitoring fees for managed services offerings, and term licenses of products. Subscriptions revenue represented 49% of total revenues in 2004, 46% of total revenues in 2003 and 38% of total revenues in 2002.

      The largest component of subscription revenues, product content and support, remained comparable at 31% of total revenues in 2004 and 2003, up from 27% of total revenues in 2002. Product content and support includes hardware support of our Proventia appliances, software updates and software blades, technical support and security content that includes advisory updates from X-Force, our internal team of security experts. Product content and support are provided to our customers through contracts executed with customers for a specified term and billed at the time of contract. Such billings are recorded as deferred revenues on our balance sheet and amortized as subscriptions revenue over the term of the contract. We expect product content and support revenues to increase in the future as our client base that generates product content and support revenues expands.

      Managed services revenues increased to 13% of total revenues in 2004, as compared with 11% in 2003 and 8% in 2002. We believe these increases were due to a strong demand in the market for proven, financially sound, managed security service providers. We are marketing managed services both directly to end users and through partners, including a number of new arrangements with integrators and service providers that include managed services as a part of their service offerings to their customers. We also expect sales of managed services to continue to grow steadily as we focus our efforts on marketing offerings to new and existing customers that meet changing needs in today’s environment.

      Professional services revenue decreased both in absolute dollars and as a percentage of total revenue to 8% in 2004 from 10% in 2003 and 12% in 2002. We continue to focus on high-value offerings that utilize our X-Force expertise, and look to our system integration and channel partners to serve as the primary resource to fulfill the services and education needs of our customers.

      Geographically, we derived the majority of our revenues from sales to customers within the Americas region. Revenues by region represented the following percentages of total revenues:

      While there have been changes in the proportion of revenues generated by each region, all of the regions experienced growth in revenues in 2004. Revenues in EMEA benefited from volume growth combined with a strengthening currency throughout 2004 and 2003, since products sold to EMEA customers are primarily sold in the Euro currency. The financial data for each segment can be found in Note 11 to the Consolidated Financial Statements.

Costs and Expenses

      Personnel and related costs represent our largest expense category. We ended 2004 with 1,200 employees, up from 1,150 at the beginning of the year. There have been numerous minor adjustments within the organization during 2004. Our research and development headcount experienced no net increase during 2004 despite the acquisition of Cobion. The majority of headcount growth occurred in quote-carrying sales personnel, sales support and marketing. Our headcount has fluctuated between approximately 1,150 and 1,250

over the last 3 years as we acquired and integrated acquisitions and continually refined our business targets in light of economic conditions during these years.

      We began to use restricted stock, in addition to stock options, as an equity component of compensation beginning in the first quarter of 2004. We recorded $2.0 million of compensation expense associated with restricted stock in the expense categories in which the recipients are placed.

      Cost of product licenses and sales consists of several components. The substantial portion of our cost of product licenses and sales in 2004 and 2003 represents the hardware cost of our Proventia appliances. We also licensed development source code in 2004, which is being amortized as cost of products sold over its estimated useful life of four years. In prior years, costs included payments to partners for their products that we sold or integrated with our managed service offerings. Costs associated with licensing our software products are minor. As a percentage of product licenses and sales revenues, these costs increased from 6% in 2002 to 9% in 2003 and 18% in 2004. The increase is attributable to the dramatic increase in Proventia appliance revenues in these periods.

      We also incurred $6.9 million in 2004, $4.4 million in 2003 and $3.6 million in 2002 of amortization expense related to core and developed technology that was recorded as a result of acquisitions accounted for under the purchase method of accounting.

      Cost of subscriptions and professional services includes the cost of our technical support personnel who provide assistance to customers under product support agreements, the security operations center (“SOC”) costs of providing managed security monitoring services and the costs related to our professional services and training. These costs were $49.0 million in 2004, $48.7 million in 2003 and $51.1 million in 2002. As a percentage of subscription and professional services revenues, the costs decreased to 30% in 2004 from 35% in 2003 and 42% in 2002. Cost efficiencies in the manner in which these services were delivered combined with the fact that our appliances require less technical support effort than our software products allowed the dollar amount of these expenses to remain relatively flat during a period of increasing subscription revenues.

      Costs associated with our technical support personnel and our security operations centers did increase each year in 2004, 2003 and 2002 as we added personnel to handle additional customers. We gained efficiencies in our SOC’s and restructured our support groups to be more productive so personnel increased at a much lower rate than revenue growth, contributing to the decrease in those costs as a percentage of total revenues. Additionally, our appliances typically require less technical support effort than our software products. While we continue to seek increased productivity, we do expect some increase in costs with a continued increase in revenues in the future.

      Offsetting this increase in costs associated with our technical support personnel and our SOC’s was a decrease in costs associated with our professional services and education services commensurate with the decrease in the associated revenues.

      Research and development expenses consist of salary and related costs of research and development personnel, including costs for employee benefits, and depreciation on computer equipment. These costs include those associated with maintaining and expanding the X-Force, our internal team of security experts. We believe our primary research and product development and managed service offerings are important to retaining our leadership position in the market. We continue to add functionality to our product family, providing gateway, network, server and desktop-based solutions, as well as to our security management applications. These improvements as well as new offerings are intended to provide our customers with more powerful and easier-to-use solutions for security management across the enterprise.

      Research and development expenses were $43.0 million in 2004, $41.8 million in 2003 and $35.3 million in 2002. These costs fluctuated as a percentage of total revenues from 15% in 2004 to 17% in 2003 and 15% in 2002. The increase in expense dollars is the result of additions to our headcount due to the addition of vCIS in the fourth quarter of 2002, Cobion in the first quarter of 2004 and continued investment in our Proventia line.

      Throughout 2004 and 2003, we reorganized and consolidated our efforts for security content, protection agent frameworks, management infrastructure and multifunction appliance delivery to enhance operational and development efficiency. This resulted in closing our engineering operations in Reading, U.K. and Sydney, Australia in the fourth quarter of 2003. These exit costs, which totaled $1.5 million, increased research and development expenses by 1% of total revenues in 2003. In 2004 we continued to streamline our operations as we relocated some engineering functions from our California development facility to Atlanta and offshore.

      While we are committed to continue our investment in X-Force research and development capabilities, which we believe distinguishes ISS from its competitors, we intend to seek leverage in future periods in the research and development area while enhancing current technologies and developing new technologies.

      Sales and marketing expenses consist of salaries, travel expenses, commissions, advertising, maintenance of our website, trade show expenses, costs of recruiting sales and marketing personnel and costs of marketing materials. Sales and marketing expenses were $100.9 million in 2004, $87.5 million in 2003 and $93.7 million in 2002.

      In 2004 sales and marketing expenses increased in absolute dollars but decreased as a percentage of total revenues to 35% in 2004 from 36% in 2003. We added quota-carrying headcount in 2004 and had higher variable commission expense associated with higher product license and sales revenues, but gained leverage from our sales force as we continue to increase the percentage of sales fulfilled through the channel.

      In 2003, sales and marketing expenses decreased in both absolute dollars to $87.5 million and as a percentage of total revenue to 36% from 39% in 2002. These decreases occurred as a result of a full year impact of 2002 sales headcount reductions as well as selective decreases during 2003. Additionally, we incurred lower commissions due to the decrease in product license and sales revenues. Finally, marketing costs were at a lower level, as we did not continue our 2002 television and print advertising campaign aimed at increasing awareness of the ISS brand.

      We expect to continue to achieve leverage in our sales efforts by focusing our direct sales force on large customers that are served either directly by us or through large systems integrators. Our channel, which includes systems integrators, value-added resellers and distributors, will continue to be of increasing importance to us, measured quantitatively by an increasing level of product revenue originating through the channel. In 2004 the channel represented approximately 68% of our sales as compared to 63% in 2003 and 54% in 2002. We intend to use its capabilities to reach larger customers through joint selling efforts and to reach departmental and small companies, especially for our Proventia multi-function appliance, which we believe has much more appeal to these companies.

      General and administrative expenses of $27.6 million in 2004, $22.7 million in 2003 and $24.3 million in 2002, represented approximately 10% of our total revenues in 2004, 9% in 2003 and 10% in 2002. General and administrative expenses consist of personnel-related costs for executive, administrative, finance and human resources, internal information systems and other support services costs, and legal, accounting and other professional service fees.

      The largest increase in 2004 was approximately $2 million for outside resources to assist in the design and execution of control testing related to financial control compliance work required by Sarbanes Oxley Act Section 404 as well as the related audit costs. Amortization of restricted stock, as previously discussed, was also a new expense items in 2004, which had the largest impact on this expense category.

      Included in 2002 expenses were non-recurring expenses associated with a relocation of our Asia/ Pacific headquarters in Tokyo. Costs included lease termination costs, including remaining rent payments, write-off of leasehold improvements and moving costs. These costs increased general and administrative expenses by 1% of total revenues in 2002.

      We have reflected a charge of $18.5 million in 2002 for the write-off of in-process research and development costs associated with the vCIS acquisition in October 2002. In-process research and development had not reached technological feasibility based on identifiable technological risk factors which indicated that even though successful completion was expected, it was not assured at the acquisition date and was immediately charged to operations.

      We incurred amortization expense related to intangible assets and stock-based compensation of $402,000 in 2004, $1.6 million in 2003 and $2.0 million in 2002 These intangible assets and stock-based compensation resulted from acquisitions accounted for under the purchase method of accounting and are amortized over their expected lives. Due to the closing of our Reading, UK and Sydney, Australia research and development facilities in late 2003, the expense in 2003 includes a $738,000 charge related to our workforce reductions at these facilities.

      Interest income decreased to $2.5 million in 2004 from $2.7 million in 2003 and $3.2 million in 2002. The decrease in interest income from 2002 to 2003 resulted from a drop in market rates of interest on our investment-grade commercial paper and similar investments from approximately 2% during 2002 to approximately 1% during 2003. While the market rate of interest did increase slightly in 2004 to 1.1%, interest income decreased in 2004 due to a decrease in cash and cash equivalents as we utilized available cash for our stock repurchase program and the January 2004 acquisition of Cobion.

      In 2004 other expense of $866,000 consisted primarily of minority interest expense of $637,000 and a write down of an investment made by our Asia/ Pacific subsidiary of approximately $500,000, partially offset by foreign exchange gains. In 2002 and 2003 other income (expense) was primarily related to minority ownership investments by our Japan subsidiary in a number of private companies, which ultimately produced a $1.9 million realized gain in 2002 and a $2.2 million impairment loss in 2003.

      We recorded a provision for income taxes of $15.4 million in 2004, $11.2 million in 2003 and $13.1 million in 2002. Taxes paid generally relate to foreign operations. Income tax expense was recorded on domestic income for each year but taxes payable were reduced by deductions related to the value of employee exercise of stock options. The tax benefit for the use of these stock option deductions was recorded as additional paid-in capital.

      The Company has approximately $3.9 million of research and development tax credit carryforwards available as offset against future U.S. operations that expire between in various years ending with 2022. The Company has net operating loss carryforwards, primarily from the EMEA region, totaling approximately $10.3 million that can be used to offset future taxable income in the respective country. These carryforwards can generally be carried forward indefinitely.

Liquidity and Capital Resources

      Our financial position remained strong throughout 2004. Our cash and cash equivalents and marketable security investments at December 31, 2004 were $211.0 million. Our investments in marketable securities consisted solely of high rated debt obligations either with maturities of twelve months or less or longer term investments with interest rates that are adjusted to current market rates no less frequently than quarterly.

      During 2004, we met our working capital needs and capital equipment needs with cash provided by operations. Cash provided by operations in 2004 totaled $65.0 million compared to $48.7 million in 2003 and $48.9 million in 2002. The major components of cash flows provided by operating activities in 2004 were net income of $26.3 million, non-cash depreciation and amortization changes of $23.5 million, income tax benefits of $12.6 million from exercises of employee stock options and an increase in deferred revenues of $15.1 million.

      An important element of our liquidity is the collection of our accounts receivable. These receivables totaled $75.3 million at December 31, 2004 and had increased by $8.0 million during 2004. We measure our accounts receivable management by our daily sales outstanding. This is a measurement of accounts receivable divided by billings in the quarterly period, represented by the sum of revenues plus the change in the deferred revenues liability account balance. This measurement was 75, 81 and 77 days at December 31, 2004, 2003 and 2002, respectively, each within our publicly stated target range of 75 to 85 days.

      Our net cash used in investing activities of $71.0 million in 2004 resulted primarily from our acquisition of Cobion in January 2004. The license of development source code was approximately half of our capital purchases of $14.5 million. Investing activities also included changes in our marketable securities that have quality characteristics similar to cash equivalents, except their maturities when we acquire them are longer than three months. The cash flow statement included the purchase of $87.7 million of intermediate term marketable securities, primarily interest-bearing government obligations and commercial paper, offset by net proceeds from the maturity of marketable securities of $61.6 million.

      Our financing activities used $48.7 million of cash in 2004, principally due to the repurchase of 3.6 million shares of our common stock in the open market at an aggregate cost of $56.0 million. The original stock repurchase plan expired in July 2004 and a new repurchase program to repurchase up to $50.0 million of our common stock through July 2005 was authorized by the Board of Directors in July 2004. Since the inception of the stock repurchase programs, we have purchased approximately 4.9 million shares of our common stock on the open market at an average cost of approximately $15.18 per share for a total cash outlay of approximately $74.4 million. We can purchase up to an additional $23 million under the current program.

      At December 31, 2004, we had $211.0 million of cash and cash equivalents and marketable securities, primarily money market accounts and investment grade debt securities. An additional $10.3 million of cash equivalents and marketable securities are pledged as collateral for stand-by letters of credit related to the operating leases of our facilities and are shown on the balance sheet as restricted marketable securities. We believe that such cash and cash equivalents and marketable securities will be sufficient to meet our working capital needs and capital expenditures for the foreseeable future. Furthermore, we are not aware of any trends, events, or uncertainties that are reasonably likely to result in any significant change to our liquidity.

      From time to time, we evaluate possible acquisition and investment opportunities in businesses, products or technologies that are complementary to ours. In the event we determine to pursue such opportunities, we may use our available cash and cash equivalents and marketable securities for this purpose.

      Payments for certain of our operating leases are secured by two collateralized stand-by letters of credit totaling approximately $8.8 million at December 31, 2004. The stand-by letters of credit are annually renewable over the duration of the applicable leases. These stand-by letters of credit guarantee our payment obligations on the leases. If we default on the lease payments, the landlords can claim against the letters of credit. We, in turn, would be liable to the letter of credit issuers. Our stand-by letters of credit are collateralized by securities worth $10.3 million at December 31, 2004. Other than these non-cancelable

operating leases, we have no off-balance sheet financing arrangements, any relationships with “structured finance” or “special purpose” entities, or any contractual obligations with unconsolidated entities that are reasonably likely to impact our liquidity.

      The following table summarizes our significant contractual obligations at December 31, 2004, and the effect such obligations are expected to have on our liquidity and cash flows in future periods. This table excludes amounts already recorded on our balance sheet as current liabilities at December 31, 2004 (amounts in thousands):

      Other obligations consist of payments due under an existing software licensing agreement. The expected timing and payment of the obligations above is estimated based on current information. Timing of payments and actual amounts paid may be different depending on the timing of receipt of goods or services or changes to agreed-upon amounts for some obligations.

Risk Factors

      There are many factors that affect ISS’ business and the results of its operations, some of which are beyond ISS’ control. The following is a description of some of the important factors that may cause the actual results of ISS’ operations in future periods to differ materially from those currently expected or desired. We encourage you to read this section carefully.

      We operate in a rapidly evolving market and must, among other things:

      We cannot be certain that we will successfully address these issues. As a result, we cannot assure our investors that we will be able to continue to operate profitably in the future.

      We introduced our Proventia appliance line in April 2003 that includes intrusion prevention and integrated security protection. While initial market response to the introduction of these products has had a positive impact on our operating results, failure to continue to gain further market acceptance could result in revenues below our expectations and our operating results could be adversely affected.

      We cannot predict our future revenues and operating results with certainty. However, we do expect our future revenues and operating results to fluctuate due to a combination of factors, including:

      We focus our efforts on sales of enterprise-wide security solutions, which consist of our entire product suite and related professional services, and managed security services, rather than on the sale of component products. As a result, each sale requires substantial time and effort from our sales and support staff. In addition, the revenues associated with particular sales vary significantly depending on the number of products acquired by a customer, the number of devices used by the customer and the customer’s relative need for our professional services. Large individual sales, or even small delays in customer orders, can cause significant variation in our license revenues and results of operations for a particular period. The timing of large orders is usually difficult to predict and, like many software-based technology companies, many of our customers typically complete transactions in the last month of a quarter.

      We cannot predict our operating expenses based on our past results. Instead, we establish our spending levels based in large part on our expected future revenues. As a result, if our actual revenues in any future period fall below our expectations, our operating results likely will be adversely affected because very few of our expenses vary with our revenues. Because of the factors listed above, we believe that our quarterly and annual revenues, expenses and operating results likely will vary significantly in the future.

      Our ability to provide timely guidance and meet the expectations of investors with respect to our operating and financial results is affected by the tendency of a majority of our product and license sales to be completed in the last month of a quarter. We may not be able to determine whether we will experience material deviations from guidance or expectations until the end of a quarter.

      We carry little inventory of our appliance products and we rely on suppliers to deliver necessary components to our contract manufacturers in a timely manner based on the forecasts we provide. We currently purchase some Proventia appliance components and contract manufacturing services from single or limited sources. If shortages occur, supplies are interrupted, or we underestimate demand for models, we may not be able to deliver products to our customers and our revenue and operating results would be adversely affected. Because our supply of hardware is based on short-term forecasts and purchase orders, our contract manufacturers are not obligated to purchase components for greater quantities over longer periods. We provide forecasts of our demand to our contract manufacturers. If we overestimate our requirements, our contract manufacturers may have excess inventory, which could increase our costs. If we underestimate our requirements, our contract manufacturers may have an inadequate component inventory and, based on lead times, this could interrupt manufacturing and result in delays in shipments and revenues.

      The market for network security monitoring, detection, prevention and response solutions is intensely competitive, and we expect competition to increase in the future. We cannot guarantee that we will compete successfully against our current or potential competitors, especially those with significantly greater financial resources or brand name recognition. Our chief competitors generally fall within the following categories:

      Mergers or consolidations among these competitors, or acquisitions of small competitors by larger companies, represent risks. For example, Symantec Corp., Cisco Systems, Inc., McAfee, Inc., and Juniper Networks, Inc. have acquired during the past several years smaller companies, which have intrusion detection or prevention technologies. These acquisitions will make these entities potentially more formidable competitors to us if such products and offerings are effectively integrated. Large companies may have advantages over us because of their longer operating histories, greater name recognition, larger customer bases or greater financial, technical and marketing resources. As a result, they may be able to adapt more quickly to new or emerging technologies and changes in customer requirements. They can also devote greater resources to the promotion and sale of their products than we can. In addition, these companies have reduced and could continue to reduce, the price of their security monitoring, detection, prevention and response products and managed security services, which increases pricing pressures within our market.

      Several companies currently sell software products (such as encryption, firewall, operating system security and virus detection software) that our customers and potential customers have broadly adopted. Some of these companies sell products that perform the same functions as some of our products. In addition, the vendors of operating system software or networking hardware may enhance their products to include the same kinds of functions that our products currently provide. The widespread inclusion of comparable features to our software in operating system software or networking hardware could render our products less competitive or obsolete, particularly if such features are of a high quality. Even if security functions integrated into operating system software or networking hardware are more limited than those of our products, a significant number of customers may accept more limited functionality to avoid purchasing additional products.

      In addition, with the introduction of our Proventia integrated security appliance, we have offerings that compete with vendors of firewalls, VPNs, anti-virus systems, and content and spam filtering products. These offerings are competitive with a broader spectrum of network security companies, as well as those that also offer integrated security appliances or broad product suites, like Symantec Corp.

      For the above reasons, we may not be able to compete successfully against our current and future competitors. Increased competition may result in price reductions, reduced gross margins and loss of market share.

      Rapid changes in technology pose significant risks to us. We do not control nor can we influence the forces behind these changes, which include:

      To remain successful, we must continue to change, adapt and improve our products in response to these and other changes in technology. Our future success hinges on our ability to both continue to enhance our current line of products and professional services and to introduce new products and services that address and respond to innovations in computer hacking, computer technology and customer requirements. We cannot be sure that we will successfully develop and market new products that do this. Any failure by us to timely develop and introduce new products, to enhance our current products or to expand our professional services capabilities in response to these changes could adversely affect our business, operating results and financial condition.

      Our products involve very complex technology and, as a consequence, major new products and product enhancements require a long time to develop and test before going to market. Because this amount of time is difficult to estimate, we have had to delay the scheduled introduction of new and enhanced products in the past and may have to delay the introduction of new and enhanced products in the future.

      The techniques computer hackers use to gain unauthorized access to, or to sabotage, networks and intranets are constantly evolving and increasingly sophisticated. Furthermore, because new hacking techniques are usually not recognized until used against one or more targets, we are unable to anticipate most new hacking techniques. To the extent that new hacking techniques harm our customers’ computer systems or businesses, affected or prospective customers may believe that our products are ineffective, which may cause them or prospective customers to reduce or avoid purchases of our products.

      We offer warranties on our products, allowing the end customer to have any defective product repaired, or to receive a replacement product for it during the warranty period, or in certain circumstances return the product for a refund. Our products may contain undetected errors or defects. If there is a broad product failure across our customer base, we may decide to replace all affected products or we may decide to refund the purchase price for defective units. Such defects and actions may adversely affect our ability to record revenue. Some errors are discovered only after a product has been installed and used by end customers. Any errors discovered after commercial release could result in loss of revenues and claims against us.

      We offer warranties on our service levels for managed security services. If we do not meet warranties, the customer generally may obtain credits for service.

      If we are unable to fix errors or other product problems that later are identified after full deployment, or if we fail to meet our service levels for managed security services, in addition to the consequences described above, we could experience:

      Because we offer very complex products, undetected errors, failures or bugs may occur when they are first introduced or when new versions are released. Our products often are installed and used in large-scale computing environments with different operating systems, system management software and equipment and networking configurations, which may cause errors or failures in our products or may expose undetected errors, failures or bugs in our products. We discover errors, failures and bugs in certain of our product offerings after their introduction and have experienced delays and could experience lost revenues during the period required to correct these errors. Our customers’ computer environments are often characterized by a wide variety of standard and non-standard configurations that make pre-release testing for programming or compatibility errors very difficult and time-consuming. Despite testing, errors, failures or bugs may not be found in new products or releases until after commencement of commercial shipments. Errors, failures or bugs in products released by us could result in negative publicity, product returns, loss of or delay in market acceptance of our products or claims by customers or others.

      In addition, if an actual or perceived breach of network security occurs in one of our end customer’s security systems, regardless of whether the breach is attributable to our products, the market perception of the effectiveness of our products could be harmed. Because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, we may be unable to anticipate these techniques. Alleviating any of these problems could require significant expenditures of our capital and resources and could cause interruptions, delays or cessation of our product licensing, which could cause us to lose existing or potential customers and would adversely affect results of operations.

      Because our products and services provide and monitor network security and may protect valuable information, we could face claims for product liability, tort or breach of warranty. Anyone who circumvents our security measures could misappropriate the confidential information or other property of end customers using our products, or interrupt their operations. If that happens, affected end customers or others may sue us. In addition, we may face liability for breaches caused by faulty installation of our products by our service and support organizations. Provisions in our contracts relating to warranty disclaimers and liability limitations may be unenforceable. Some courts, for example, have found contractual limitations of liability in standard computer and software contracts to be unenforceable in some circumstances. Defending a lawsuit, regardless of its merit, could be costly and could divert management attention. Our business liability insurance coverage may be inadequate or future coverage may be unavailable on acceptable terms or at all.

      The expansion of our international operations includes our presence in dispersed locations throughout the world, including throughout EMEA and the Asia/ Pacific and Latin America regions. Our international presence and expansion exposes us to risks not present in our U.S. operations, such as:

      Despite these risks, we believe that we must continue to expand our operations in international markets to support our growth. To this end, we intend to establish additional foreign sales operations, expand our existing offices, hire additional personnel, expand our international sales channels and customize our products for local markets. If we fail to execute this strategy, our international sales growth will be limited.

      Like other companies, our websites, networks, information systems, products and services may be targets for sabotage, disruption or misappropriation by hackers. As a leading network security solutions company, we are a high profile target. Although we believe we have sufficient controls in place to prevent disruption and misappropriation, and to respond to such situations, we expect these efforts by hackers to continue. If these efforts are successful, our operations, reputation and sales could be adversely affected.

      As part of our growth strategy, we have and may continue to acquire or make investments in companies with products, technologies or professional services capabilities complementary to our solutions. When engaging in acquisitions, we could encounter difficulties in assimilating or completing the development of the technologies, new personnel and operations into our company. These difficulties may disrupt our ongoing business, distract our management and employees, increase our expenses and adversely affect our results of operations. These difficulties could also include accounting requirements, such as impairment charges related to goodwill or other intangible assets or expensing in-process research and development costs. We cannot be certain that we will successfully overcome these risks with respect to any future acquisitions or that we will not encounter other problems in connection with our recent or any future acquisitions. In addition, any future acquisitions may require us to incur debt or issue equity securities. The issuance of equity securities could dilute the investment of our existing stockholders.

      We rely primarily on copyright, trademark, patent and trade secrets laws, confidentiality procedures and contractual provisions to protect our proprietary rights. We have obtained one United States patent, one Taiwanese patent, and have a number of patent applications pending, as well as numerous trademarks and trademark applications pending. There can be no assurance that patents will be issued from pending applications, or that claims allowed on any patents will be sufficiently broad to protect our technology. There can be no assurance that any issued patents will not be challenged, invalidated or circumvented, or that any rights granted under these patents will actually provide competitive advantages to us. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our products or to obtain and use information that we regard as proprietary. Policing unauthorized use of our products is difficult. While we cannot determine the extent to which piracy of our software products occurs, we expect software piracy to be a persistent problem. In addition, the laws of some foreign countries do not protect our proprietary rights to as great an extent as do the laws of the United States, and many foreign countries do not enforce these laws as diligently as U.S. government agencies and private parties. If we are unable to protect our proprietary rights to the totality of the features in our software and products (including aspects of our software and products protected other than by patent rights), we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful.

      Third parties may assert claims or initiate litigation related to exclusive patent, copyright, trademark and other intellectual property rights to technologies that are relevant to our business. Because of the large number of patents in the Internet, networking, security and software fields, the secrecy of some pending patents and the rapid rate of issuance of new patents, it is not economically practical (or even possible) to determine in advance whether a product (or any of its components) infringe or will infringe the patent rights of others. Third party asserted claims and/or initiated litigation can include claims against us or our manufacturers, suppliers, or customers, alleging infringement of proprietary rights with respect to our existing or future products (or components of those products). Regardless of the merit of these claims, they can be time-consuming, result in costly litigation and diversion of technical and management personnel, or require us to develop a non-infringing technology or enter into license agreements. There can be no assurance that licenses will be available on acceptable terms and conditions, if at all, in these circumstances, or that any indemnification that might be available to us would be adequate to cover our costs of defense. Furthermore, because of the potential for large judgments, which are not necessarily predictable, it is not unusual to find even arguably unmeritorious claims settled for significant funds. If any infringement or other intellectual property claim made against us by a third party is successful, or if we fail to develop non-infringing technology or license the proprietary rights on commercially reasonable terms and conditions, our business, operating results, financial condition and liquidity could be materially and adversely affected.

      We believe that our future success will depend in part on our ability to recruit and retain highly skilled management, sales, marketing and technical personnel. To accomplish this, we believe that we must provide personnel with a competitive compensation package, including stock options, restricted stock or similar incentive stock awards. Our current incentive stock plan expires in September 2005 and we believe that sufficient shares are available for issuance under that plan to meet our needs until it expires. We expect to propose a new incentive stock plan to stockholders at our annual stockholders meeting in 2005, but there is no assurance that shareholders will approve such plan, which would impair our ability to attract and retain necessary personnel.

      Our certificate of incorporation and bylaws contain provisions that could have the effect of making it more difficult for a third party to acquire, or of discouraging a third party from attempting to acquire, control of ISS. These provisions:

Interest Rate Sensitivity

      The primary objective of our investment activities is to preserve principal while at the same time maximizing the income we receive from our investments without significantly increasing risk. Some of the securities in which we invest may be subject to market risk. This means that a change in prevailing interest

rates may cause the principal amount of the investment to fluctuate. For example, if we hold a security that was issued with a fixed interest rate at the then-prevailing rate and the prevailing interest rate later rises, the market value of our investment will probably decline. To minimize this risk, we maintain our portfolio of cash equivalents and marketable securities in a variety of high-quality relatively short-term investments, including governmental securities, commercial paper and overnight repurchase agreements, as well as longer term securities that have interest rates that are adjusted to market on a short-term basis. As of December 31, 2004, we had $12.2 million of securities with fixed rates of interest that mature in more than three months and $2.3 million of securities with fixed rates of interest that mature in more than six months but less than one year. Based on the average investments outstanding during 2004 and 2003, increases or decreases of 25 basis points would result in increases or decreases to interest income of approximately $575,000 and $675,000 in 2004 and 2003, respectively, from the reported interest income.

Risk Associated with Foreign Exchange Rates

      ISS is subject to foreign exchange risk as a result of exposures to changes in currency exchange rates. Our foreign operations are, for the most part, naturally hedged against exchange rate fluctuations since both revenues and expenses of each foreign affiliate are denominated in the same currency. Therefore, we do not engage in formal hedging activities, but we do periodically review the potential impact of this risk to ensure that the risk of significant potential losses remains minimal. As a result, an unfavorable change in the exchange rate for any particular foreign subsidiary would result in lower revenues and expenses with regards to operating results, and lower assets and liabilities with regards to the balance sheet.

      The Company’s operating results are affected by changes in exchange rates between the U.S. Dollar and the Euro and the Japanese Yen. When the U.S. Dollar strengthens against these foreign currencies, the value of our non-functional currency revenues decreases. When the U.S. Dollar weakens, the value of our functional currency revenues increases. Since much of our international operating expenses are also incurred in local currencies, which is the foreign subsidiaries functional currency, the impact of exchange rates on net income or loss is relatively less than the impact on revenue. Although our operating and pricing strategies take into account changes in exchange rates over time, our results of operations may be affected significantly in the short term by fluctuations in foreign currency exchange rates. A fluctuation of 10% in the average exchange rates of the Euros and Japanese Yen relative to the US dollar during 2004 and 2003 would have resulted in increases or decreases in operating income of approximately $4.5 million and $2.6 million in 2004 and 2003, respectively, from the reported operating income.

      During 2004, the Company recorded a net foreign exchange gain of $401,000. The nature and extent of the foreign currency risk faced by the Company depends on many factors that cannot be accurately predicted. These factors include significant changes in foreign currency market conditions, the Company’s inability to match foreign currency denominated revenues with costs denominated in the same currency, and changes in the amount or mix of revenues denominated in various foreign currencies. As a result of material unforeseen changes in these factors, the Company’s foreign currency risk could have a greater impact on the Company’s results of operations in the future.

      Schedules other than the one listed above are omitted as the required information is inapplicable or the information is presented in the consolidated financial statements or related notes.

      None.

Disclosure Controls and Procedures

      ISS’ management, with the participation of the Chief Executive Officer and Chief Financial Officer, evaluated the effectiveness of our disclosure controls and procedures, as defined in Rules 13a-15(e) and 15d-15(e) under the Securities Exchange Act of 1934, as of December 31, 2004. No system of controls, no matter how well designed and operated, can provide absolute assurance that the objectives of the system of controls are met, and no evaluation of controls can provide absolute assurance that the system of controls has operated effectively in all cases. Our disclosure controls and procedures however are designed to provide reasonable assurance that the objectives of disclosure controls and procedures are met.

      As described in our management’s report on our internal control over financial reporting below, ISS’ management and independent registered public accounting firm identified a material weakness in ISS’ internal control over financial reporting, as defined in Rules 13a-15(f) and 15d-15(f) under the Securities Exchange Act, related to revenue recognition for sales contracts with multiple revenue elements. That material weakness in internal control over financial reporting also affects the effectiveness of our disclosure controls and procedures.

      Based on their evaluation, management concluded that ISS’ disclosure controls and procedures were not effective as of December 31, 2004 because of the material weakness described in management’s report on internal control over financial reporting.

Management Report on Internal Control Over Financial Reporting

      The management of ISS is responsible for establishing and maintaining adequate internal control over financial reporting, as such term is defined in Rules 13a-15(f) and 15d-15(f) promulgated under Securities Exchange Act of 1934, as amended. ISS’ internal control system was designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles.

      Internal control systems, no matter how well designed, have inherent limitations. Therefore, even those systems determined to be effective can provide only reasonable assurance with respect to financial statement preparation and presentation, and may not prevent or detect misstatements. In addition, projections of any

evaluation of effectiveness to future periods are subject to risks that controls may become inadequate because of changes in conditions, individuals make errors in judgment, or individuals do not comply with policies or procedures.

      ISS’ management assessed the effectiveness of the company’s internal control over financial reporting as of December 31, 2004. In making this assessment, it used the criteria set forth by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in Internal Control — Integrated Framework.

      A material weakness in ISS’ internal control over financial reporting was identified in the course of the evaluations of effectiveness of ISS’ internal control over financial reporting as of December 31, 2004. A “material weakness” in internal control over financial reporting is defined by the Public Company Accounting Oversight Board’s Auditing Standard No. 2 as a significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected.

      The material weakness relates to insufficient controls over the selection and application of accounting policies on revenue recognition for sales contracts with multiple revenue elements. Specifically, there was an incorrect conclusion initially made regarding revenue recognition involving one contract with specified upgrade rights executed in the quarter ended December 31, 2004. Additionally, other control deficiencies related to revenue recognition were identified and evaluated in connection with the determination of this material weakness in internal controls.

      Because of the material weakness described above, we believe that, as of December 31, 2004, the company’s internal control over financial reporting was not effective based on the criteria set by COSO.

      ISS’ independent registered public accounting firm has issued an audit report on our assessment of the company’s internal control over financial reporting.

Remediation Steps to Address the Material Weakness

      The error in the contract referred to above was detected, corrected and was properly accounted for (i.e., the revenue from the contract was deferred to later periods) in ISS’ results for the year ended December 31, 2004.

      We are improving ISS’ internal control over financial reporting as it relates to revenue recognition in an effort to remediate this material weakness and other control deficiencies that were identified during this process. We expect that this remediation will include:

Changes in Internal Control Over Financial Reporting

      There have not been any changes in ISS’ internal control over financial reporting during the quarter ended December 31, 2004 that have materially affected, or are reasonably likely to materially affect, such controls.

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

The Board of Directors and Stockholders

Internet Security Systems, Inc.

      We have audited management’s assessment, included in the accompanying Management Report on Internal Control Over Financial Reporting, that Internet Security Systems, Inc. did not maintain effective internal control over financial reporting as of December 31, 2004, because of the effect of the material weakness identified in management’s assessment related to the controls over revenue recognition for sales contracts with multiple revenue elements, based on criteria established in Internal Control — Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (the COSO criteria). Internet Security Systems, Inc.’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting. Our responsibility is to express an opinion on management’s assessment and an opinion on the effectiveness of the company’s internal control over financial reporting based on our audit.

      We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, evaluating management’s assessment, testing and evaluating the design and operating effectiveness of internal control, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

      A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

      Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

      A material weakness is a control deficiency, or combination of control deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected. The following material weakness has been identified and included in management’s assessment. The material weakness identified by management and Ernst & Young relates to insufficient controls over the selection and application of accounting policies on revenue recognition for sales contracts with multiple revenue elements. Specifically, there was an incorrect conclusion initially made regarding revenue recognition involving a material contract with specified upgrade rights executed in the quarter ended December 31, 2004. Additionally, other control deficiencies related to revenue recognition were identified and evaluated in connection with the determination of this material weakness in internal controls. Several adjustments were recorded by the Company as a result of these deficiencies. This material weakness was considered in determining the nature, timing, and extent of audit tests applied in our audit of the 2004 financial statements, and this report does not affect our report dated March 15, 2005 on those financial statements.

      In our opinion, management’s assessment that Internet Security Systems, Inc. did not maintain effective internal control over financial reporting as of December 31, 2004, is fairly stated, in all material respects, based on the COSO control criteria. Also, in our opinion, because of the effect of the material weakness described above on the achievement of the objectives of the control criteria, Internet Security Systems, Inc. has not maintained effective internal control over financial reporting as of December 31, 2004, based on the COSO control criteria.

      We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated balance sheets of Internet Security Systems, Inc. as of December 31, 2004 and 2003, and the related consolidated statements of operations, stockholders’ equity, and cash flows for each of the three years in the period ended December 31, 2004 and our report dated March 15, 2005 expressed an unqualified opinion thereon.

Atlanta, Georgia

March 15, 2005

Item 9B.     Other Information

      None.

PART III

Directors and Executive Officers

      See the Proxy Statement for the Company’s 2005 Annual Meeting of Stockholders, under the headings “Proposal One: Election of Directors”, “Executive Officers”, and “Section 16(a) Beneficial Reporting Compliance”, which information is incorporated herein by reference.

Code of Conduct and Code of Ethics for Financial Professionals

      The Company has adopted a Code of Conduct and a Code of Ethics for Financial Professionals which apply to its Chief Executive Officer, Chief Financial Officer, and Principal Accounting Officer. These documents are available on the “Investor Relations — Corporate Governance” portion of our website at www.iss.net\Company. Any waiver or amendment to such Codes for the benefit of such officers will also be posted to such website.

      See the Proxy Statement for the Company’s 2005 Annual Meeting of Stockholders, under the headings “Director Compensation” and “Executive Compensation”, which information is incorporated herein by reference.

      See the Proxy Statement for the Company’s 2005 Annual Meeting of Stockholders, under the headings “Security Ownership of Management and Principal Stockholders” and “Equity Compensation Plans”, which information is incorporated herein by reference.

      See the Proxy Statement for the Company’s 2005 Annual Meeting of Stockholders, under the heading “Certain Relationships and Related Transactions”, which information is incorporated herein by reference.

      See the Proxy Statement for the Company’s 2005 Annual Meeting of Stockholders, under the headings “Independent Auditors” and “Fee Pre-Approved Policy”, which information is incorporated herein by reference.

PART IV

      (a) The following documents are filed as part of this report:

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

The Board of Directors and Stockholders

Internet Security Systems, Inc.

      We have audited the accompanying consolidated balance sheets of Internet Security Systems, Inc. as of December 31, 2004 and 2003, and the related consolidated statements of operations, stockholders’ equity, and cash flows for each of the three years in the period ended December 31, 2004. Our audits also included the financial statement schedule listed in the Index at Item 15(a). These financial statements and schedule are the responsibility of the Company’s management. Our responsibility is to express an opinion on these financial statements and schedule based on our audits.

      We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.

      In our opinion, the financial statements referred to above present fairly, in all material respects, the consolidated financial position of Internet Security Systems, Inc. as of December 31, 2004 and 2003, and the consolidated results of its operations and its cash flows for each of the three years in the period ended December 31, 2004, in conformity with U.S. generally accepted accounting principles. Also, in our opinion, the related financial statement schedule, when considered in relation to the basic financial statements taken as a whole, presents fairly in all material respects the information set forth therein.

      We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the effectiveness of Internet Security Systems, Inc.’s internal controls over financial reporting as of December 31, 2004, based on criteria established in Internal Control — Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission and our report dated March 15, 2005 expressed an unqualified opinion on management’s assessment and an adverse opinion on the effectiveness of internal control over financial reporting.

Atlanta, Georgia

March 15, 2005

INTERNET SECURITY SYSTEMS, INC.

CONSOLIDATED BALANCE SHEETS

See accompanying notes.

INTERNET SECURITY SYSTEMS, INC.

CONSOLIDATED STATEMENTS OF OPERATIONS

See accompanying notes.

INTERNET SECURITY SYSTEMS, INC.

CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY

See accompanying notes.

INTERNET SECURITY SYSTEMS, INC.

CONSOLIDATED STATEMENTS OF CASH FLOWS