ROI in Information Security and Auditing

SANS Institute report indicates we're spending our time and money in the wrong places!

SANS recently published a report that has been picked up by syndicated news feeds like this one indicating that in a very large way security and IT audit professionals are putting their emphasis in the wrong place!  To sum it up, information from real world attacks tell us that we're spending the lion's share of our resources and energy patching and validating the Operating System while the majority of attacks are occurring at the application layer, specifically Web applications and the like.
Fortunately, there's help available!  Not only can you point your developers and security people at resources like
OWASP, but SANS offers training for IT Audit and Security professionals that will teach you or your staff exactly what to test, why it should be tested and how to perform the validations.  While the course does spend two days on operating systems, the other four days deal with all of the other types of problems with one full day examining application layer problems in the form of Web Applications in tremendous detail!  Check here for a free demo of the class!