Computerworld's security masked man, "Mathias Thurman" has an excellent post on reducing security spending in a recession. It isn't an option; it's reality. His picks for cost reduction:
- Tune IDS rules for more effective use of offshore analyst resources.
- Change / migrate SecurID strong authentication form factors from hard tokens to soft tokens.
- Cut audit schedule in half to save on travel expenses and an independent contractor.
- Stop paying maintenance on ISS Scanner and WebInspect. Fill in the gaps with open source.
Just looking at these can give you an idea of how sparse the information security budget is to begin with. Every little bit counts during budget reduction time.
What are you doing to reduce your spending?