Quality and Productivity Database

Descriptive Title of Proposal: Creation of a Security Operations Center (SOC)
Year Submitted 2019
Person(s) Responsible for the Idea
Name / Nom Title / Titre
Tim Lott AVP IT Services and CIO
Denis Levesque previous CIO
Bruce Clemmer Director, IT Operations and Infrastructure
Jeff Gardiner Director, Information Security
Name of Institution Carleton University
Office Address 401 Robertson Hall, Carleton University
1125 Colonel By Drive
Ottawa, Ontario K1S 5B6
Map It
Telephone: 613-520-2600 x5245
Email Address: Email hidden; Javascript is required.
Name (Senior Administrative Office of the Institution) Michel Piché
Title (Senior Administrative Office of the Institution) VP Finance and Administration
Office Address 503 Tory Building, Carleton University
1125 Colonel By Drive
Ottawa, Ontario K1S 5B6
Map It
Telephone: 613-520-2600 x3804
Email Address: Email hidden; Javascript is required.

Information Security is frequently near the top of Canadian universities' priority lists. However, challenges for Canadian Higher Education exist with resourcing and funding a fully functional SOC (Security Operations Center). Carleton University took the approach of modernising its existing Network Operations Centre, partnering with its technology provider, and adding CO-OP students into the operations centre.  The result is a SOC that provides 24/7 security services and zero increase in fulltime headcount, while providing opportunities for Carleton's CO-OP students to gain real hands-on experience with leading edge security technologies.

Carleton’s early creation of its own SOC illustrates an innovative practice in addressing a risk now at the top of everyone’s list. 
The creation of a SOC has resulted in operational and cost benefits.  Operational benefits have accrued because the SOC does continuous monitoring making near immediate threat detection and rapid remediation now possible. This has limited the dwell time of vulnerabilities and malefactors operating in the institutional environment, reducing the business impact and cost of cyber incidents.  Cost benefits have accrued because, with the rising costs of security breaches, the operating investments are offset by a streamlined incident management process that more efficiently traverses the many disparate groups (NOC, Security, network and system administration, etc.) involved.
Other institutions have since expressed interest to Carleton about its SOC experience, to inform their own SOC deployments. 

Criteria Please submit one paragraph describing how the proposal fulfills each of the evaluation criteria.

The SOC model is not only transferable but can be scaled up to regional or national models.  There are multiple SOC models (externally managed, internally managed, hybrid) that can be adopted based upon a university's specific environment.

Quality Impact

The introduction of a SOC was expected to reduce the time-to-detection of vulnerabilities and malefactors operating in the University environment.  This outcome was assessed and realized from 2017 until 2019.

Productivity Impact

A number of new capabilities have been introduced as a consequence of the SOC including the ability to detect and remediate compromised university accounts.  Previously, compromised accounts could remain undetected for an extended period.   Similarly, the ability to detect threats to Carleton's environment had been restricted to normal business hours 8:30am-4:30pm.  Carleton’s SOC is a hybrid SOC with 24/7 – 365 Security monitoring, threat detection, event classification and triage, which allows the initiation of remediation and recovery activities around the clock.


Reorganizing an IT group to include a network operations center is still fairly novel in Canadian HigherEd IT.  The inclusion of a SOC in IT operations is atypical of conventional education organizational structures. Using the wealth of skills within Carleton's student population to add resources through the university’s CO-OP program, affords students valuable hands-on experience with modern technologies and processes that will give them a competitive advantage in job placement at graduation.

Supporting Documents the-noc-and-soc-divide-increases-risk-while-breeding-inefficiencies1.pdf