The company I work for has some neat incentive programs that it makes available to its staff. One of them is the result of the company being in the health care vertical and also having a parking shortage at our headquarters. To ease the parking problem, we offer a "healthy parking" incentive where people receive a small cash payment for parking in the most inconvenient, far away lot. It works so well that there's now a waiting list to get a lousy parking spot. If small cash incentives can work this well for parking, why not other things?
I wish I had this idea last year when we were putting together the 08 budget for infosec: "healthy computing!" In this case, users who have local admin on their company-issued computers would willingly give up their elevated privileges for a cash payment. Sounds expensive, right? But what are you spending on anti-virus and other host-security products? It's probably pretty close, and at least today, there's more value in reducing local admin access than there is in running anti-virus. Not to mention the time and internal cost of proving that a user doesn't need local admin privileges in order to revoke them.
And while I'm denigrating the value of AV products, I'd like to share with you my favorite blog post of the month. It's from Amrit Williams' blog, which is one my regular reads.