InfoSec cost recovery funding model (posted to REN-ISAC and EDUCAUSE)

["Shamblin, Quinn" <qrs () BU EDU>]

Hello everyone,

I am working to create a sustainable funding model for endpoint security at Boston University so we don't he keep 
having to go back for extra project funds every few years simply to refresh the appliances, systems or software 
required to protect endpoints.  This model would attach a one-time security surcharge to the purchase of any new 
desktop or laptop at BU.  That surcharge is scoped to fund the security hardware and software required to protect that 
machine over its anticipated life span of 4.3 years.

My question is this: Are any of you already doing this?  Do any of you have a sustainability funding model for 
information security?  Particularly any of this form that distributes the costs vs. being funded centrally...

Quinn R Shamblin                                                            .
Executive Director of Information Security, Boston University
CISM, CISSP, ITIL  (Previously GCFA, PMP)
Office: 617-358-6310    Mobile: 617-999-7523
Contact me securely: https://securecontact.me/qrs () bu edu