(Amended July 14, 2003)



The Board of Directors of Internet Security Systems, Inc., a Delaware corporation (the "Company"), has constituted and established a Nominating and Governance Committee (the "Committee") with authority, responsibility and specific duties as described herein. This Charter and the composition of the Committee are intended to comply with the rules of the Nasdaq National Market System (the "Nasdaq").

I.         Purpose

The Committee is appointed by the Board of Directors to assist the Board in fulfilling its responsibilities relating to (i) identification of individuals qualified to become Board members and recommendation of director nominees to the Board of Directors prior to each annual meeting of shareholders; (ii) recommendation of nominees for any committee of the Board; (iii) development and recommendation of corporate governance guidelines to the Board; and (iv) leadership of the Board's review of its performance and the performance of directors.


II.       Committee Composition

The Committee shall consist of no fewer than two members of the Company's Board of Directors. The members of the Committee shall be non-employee Directors who meet the independence requirements of the Nasdaq rules and any applicable SEC rules and regulations. The Board of Directors will assess and determine such qualifications of the Committee members.

The members of the Committee shall be annually appointed by the Board of Directors. The Board of Directors shall also select the Chair of the Committee. If a Chair is not designated or present, the members of the Committee may designate a Chair by majority vote of the Committee membership. Committee members are subject to removal by the Board of Directors in its discretion.


III.     Committee Authority and Responsibilities

The Committee shall meet as often as it determines is appropriate. Such meetings may be held in person or telephonically and may be held at such times and places as the Committee determines. The Chair of the Committee should prepare and/or approve an agenda in advance of each meeting. The Committee may form and delegate authority to subcommittees when appropriate.

This Charter is intended to be flexible so that the Committee is able to meet changing conditions. The Committee is authorized to take such further actions as are consistent with its responsibilities and to perform such other actions as applicable law, the Nasdaq and the Company's Bylaws or the Board of Directors may require.

The Committee shall perform the following duties:

A.         General

1.       Obtain, as deemed necessary or appropriate, advice and assistance from internal or external legal, accounting or other advisors. The Committee shall have the sole authority to select any such advisors and approve the fees paid to such advisors and other retention terms.

2.       Make regular reports to the Board of Directors.

3.       Annually review the adequacy of this Charter and recommend any proposed changes to the Board of Directors for approval.

B.         Nominating

1.       Retain, as deemed necessary, and terminate any search firm to be used to identify director candidates. The Committee shall have sole authority to select such search firm and approve its fees and other retention terms.

2.       Determine desired board skills and attributes. The Committee shall select individuals as director nominees who have the highest personal and professional integrity, who have demonstrated exceptional ability and judgment and who shall be most effective, in conjunction with other nominees to or members of the Board of Directors, in collectively serving the long-term interests of the Company's shareholders. Actively seek individuals whose skills and attributes reflect those desired. Evaluate and propose nominees for election to the Board of Directors.

3.       Review the slate of directors who are to be re-nominated to determine whether they are meeting the Board's expectations of them.

4.       Annually review committee chairs and membership and recommend any changes to the full Board.

C.         Governance

1.       Oversee the evaluation of the Board of Directors of the Company and evaluate performance of individual directors prior to nomination for re-election. Report annually to the Board of Directors with an assessment of the Board's performance.

2.       Develop, review and reassess the adequacy of the Company's corporate governance guidelines and recommend any proposed changes to the Board for approval.

3.       Review any questions regarding the independence of Directors.