INTERNET SECURITY TASK FORCE RELEASES eBUSINESS SECURITY RECOMMENDATIONS

Computer Associates and Leading eBusinesses Release Security Report to the IT Industry and US Government

ISLANDIA, N.Y., March 14, 2000 — Computer Associates International, Inc. (CA), a founding member of the Internet Security Task Force (ISTF), today released the ISTF's, "Initial Set of Recommendations for Securing eBusiness."

The ISTF has identified the twelve leading security areas that eBusinesses must focus on and address in order to safely conduct eBusiness. Areas include:

• Authentication
• Privacy of Information
• Detection of Security Events
• Defense of the Corporate Perimeter
• Intrusion Detection
• Malicious Content
• Access Control
• Administration
• Incident Response

The full report of recommendations can be downloaded from http://ca.com/ISTF/.

The ISTF's recommendations provide an established or new eBusiness company recommendations that assist in identifying potential security exposures and "holes" in their internal computing network that, if not addressed, may be exploited by hackers. This can lead to a possible attack and cause potential business downtime. The ISTF has also made available its recommendations to US law enforcement agencies and concerned government officials.

"As a member of the House High Tech Advisory Committee, I support the work that companies such as Computer Associates are doing in bringing together experts in eBusiness and eSecurity," said Congressman David Wu. "It is important to provide informed and consistent recommendations that industry and government can use to ensure the security of eBusiness operations."

ISTF members include leading eBusinesses and eBusiness infrastructure companies such as Cisco Systems, eToys, Inc., Sabre, Inc., Travelocity, Verio Inc, and CA. The ISTF strongly recommends adoption of its product-independent security guidelines before an organization participates in eBusiness. In addition, the guidelines should be used to help organizations perform an Internet Security Readiness Assessment and identify steps to ensure a secure eBusiness environment.

"The Internet Security Task force recommendations on eBusiness security are timely and vital," said Kayne Grau, eToys, senior director of information technology. "The infrastructure for eBusiness must be secure and reliable if we are to realize the full potential the Internet has to offer."

The initial set of recommendations focus on identifying commonly overlooked, and easily addressed security exposures found in the majority of systems deployed today on the Internet. These include the use of weak default setup values when installing applications that lead to known default user IDs and passwords; no protection from interception of internal and external network traffic by hackers; no security auditing being conducted after changes are made to the eBusiness environment such as new applications and machines being installed; and poor administration leading to incomplete cleanup of old user IDs and so on.

"The importance of eBusiness and the Internet and the scale of recent attacks sounds a clear warning that security and safety are critical to business continuity", said Simon Perry, CA vice president, security solutions. "CA is very proud to bring together the collective knowledge of a forum of eBusiness and eSecurity experts and deliver to the industry and government this set of clear, concise recommendations on safeguarding eBusiness."

The Internet Security Task Force (ISTF), an independent consortium of security vendors, eBusinesses and Internet infrastructure providers, was created to provide specific technical, organizational and operational guidelines on Internet security aimed at preventing large-scale cyber terrorist attacks. Information on the task force, and how to join may be found at www.ca.com/ISTF.

Computer Associates International, Inc. (NYSE: CA), the world's leading business software company, delivers the end-to-end infrastructure to enable eBusiness through innovative technology, services and education. CA has 18,000 employees worldwide and had revenue of $6.3 billion for the year ended December 31, 1999. For more information, visit http://www.ca.com/.

All trademarks, tradenames, service marks and logos referenced herein belong to their respective companies.