Qualité et productivité – base de données

Titre descriptif du dossier proposé : Creation of a Security Operations Center (SOC)
Année de la candidature 2019
Nom et titre de l’auteur (des auteurs) de l’idée
Name / Nom Title / Titre
Tim Lott AVP IT Services and CIO
Denis Levesque previous CIO
Bruce Clemmer Director, IT Operations and Infrastructure
Jeff Gardiner Director, Information Security
Nom de l’établissement : Carleton University
Adresse au bureau : 401 Robertson Hall, Carleton University
1125 Colonel By Drive
Ottawa, Ontario K1S 5B6
Map It
  • AVP IT Services and CIO
  • previous CIO
  • Director, IT Operations and Infrastructure
  • Director, Information Security
  • Tim Lott
  • Denis Levesque
  • Bruce Clemmer
  • Jeff Gardiner
Numéros de téléphone 613-520-2600 x5245
Adresse électronique : Email caché; Javascript est requis.
Nom (Responsable en chef des services administratifs de l’établissement) Michel Piché
Titre (Responsable en chef des services administratifs de l’établissement) VP Finance and Administration
Office Address 503 Tory Building, Carleton University
1125 Colonel By Drive
Ottawa, Ontario K1S 5B6
Map It
Numéros de téléphone 613-520-2600 x3804
Adresse électronique : Email caché; Javascript est requis.

Information Security is frequently near the top of Canadian universities' priority lists. However, challenges for Canadian Higher Education exist with resourcing and funding a fully functional SOC (Security Operations Center). Carleton University took the approach of modernising its existing Network Operations Centre, partnering with its technology provider, and adding CO-OP students into the operations centre.  The result is a SOC that provides 24/7 security services and zero increase in fulltime headcount, while providing opportunities for Carleton's CO-OP students to gain real hands-on experience with leading edge security technologies.

Carleton’s early creation of its own SOC illustrates an innovative practice in addressing a risk now at the top of everyone’s list. 
The creation of a SOC has resulted in operational and cost benefits.  Operational benefits have accrued because the SOC does continuous monitoring making near immediate threat detection and rapid remediation now possible. This has limited the dwell time of vulnerabilities and malefactors operating in the institutional environment, reducing the business impact and cost of cyber incidents.  Cost benefits have accrued because, with the rising costs of security breaches, the operating investments are offset by a streamlined incident management process that more efficiently traverses the many disparate groups (NOC, Security, network and system administration, etc.) involved.
Other institutions have since expressed interest to Carleton about its SOC experience, to inform their own SOC deployments. 

Critères Please submit one paragraph describing how the proposal fulfills each of the evaluation criteria.

The SOC model is not only transferable but can be scaled up to regional or national models.  There are multiple SOC models (externally managed, internally managed, hybrid) that can be adopted based upon a university's specific environment.

Impact sur la qualité

The introduction of a SOC was expected to reduce the time-to-detection of vulnerabilities and malefactors operating in the University environment.  This outcome was assessed and realized from 2017 until 2019.

Impact sur la productivité

A number of new capabilities have been introduced as a consequence of the SOC including the ability to detect and remediate compromised university accounts.  Previously, compromised accounts could remain undetected for an extended period.   Similarly, the ability to detect threats to Carleton's environment had been restricted to normal business hours 8:30am-4:30pm.  Carleton’s SOC is a hybrid SOC with 24/7 – 365 Security monitoring, threat detection, event classification and triage, which allows the initiation of remediation and recovery activities around the clock.


Reorganizing an IT group to include a network operations center is still fairly novel in Canadian HigherEd IT.  The inclusion of a SOC in IT operations is atypical of conventional education organizational structures. Using the wealth of skills within Carleton's student population to add resources through the university’s CO-OP program, affords students valuable hands-on experience with modern technologies and processes that will give them a competitive advantage in job placement at graduation.

Supporting Documents the-noc-and-soc-divide-increases-risk-while-breeding-inefficiencies1.pdf