  • Thesis (degree dissertation)

A Study of Security Operation Center (SOC) Implementation Contracts from a Risk Management Perspective

The Risk Management Approach to Refining the Contract of SOC Implementation

Advisors: 楊欣哲, 范建得

Abstract


With the maturing of Internet technology and its widespread application, information security (IS) has become one of the key infrastructures of information technology (IT). Security products such as firewalls, antivirus software, virtual private networks (VPN), security scanners and intrusion detection systems (IDS) are already widely used by government agencies and enterprises to build their security environments. However, with tens of thousands of security events and log records to process or manage every day, network administrators and security staff are overwhelmed. Because no single security product can provide an organization with complete security functionality, security should be regarded as a service process rather than a single product. Formulating the security requirements of a government agency or enterprise as policy, integrating the relevant security products and unifying incident response in a Security Operation Center (SOC) has therefore become the new trend in overall security defense. Besides introducing domestic and foreign practice in information security and SOC development, and discussing the service process, technologies and implementation types a SOC involves, this thesis further introduces the concept of risk management: the customer's risk level before and after risk treatment, physical information assets, organization scale, business characteristics and security requirements are taken as parameters of the SOC Service Level Agreements (SLAs), and are used to distinguish the service levels of the SOC SLAs and the differing clauses that correspond to each level. Taking outsourced SOC implementation as an example, it then proposes differential clauses for outsourced SOC implementation contracts. Finally, it describes the difficulties and challenges that future SOC development may face, in the hope of paving the way for the institutionalization of SOCs.

Abstract (English, as published)


With the maturing of Internet technology and its widespread application, information security (IS) has become a critical part of the information technology (IT) infrastructure. Various types of information security products, such as firewalls, antivirus software, virtual private networks (VPN), online security scanning and intrusion detection systems (IDS), have been widely used by government agencies and business organizations to set up a secure information environment. Network managers and IS personnel, however, are constantly faced with large numbers of logs and information security events. In fact, IS problems cannot be solved by a single product; IS should be treated as an implementation process rather than a set of point products. It has therefore become an inevitable trend to set policies based on the security requirements of government agencies and business organizations, and then to integrate the relevant IS products into a Security Operation Center (SOC). This thesis introduces the development of IS and SOCs in Taiwan and other countries, and discusses the service process, related technologies and implementation types of a SOC. It also applies the concept of risk management to evaluate customers' risk levels before and after risk treatment, together with their physical information assets, organization scale, business characteristics and IS requirements. These parameters are then used to categorize service levels of SLAs (Service Level Agreements) and to identify the contract articles that differ between levels. Based on the determined SLA level, we propose refinements to contracts for outsourced SOC implementation. Finally, we illustrate the possible issues and challenges in the emerging development of SOCs. We expect that this thesis can serve as a reference model for future SOC implementation.


Cited by


顏家宏 (2008). A study of the factors in selecting outsourced vendors for information security operation centers [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2008.00679
楊世平 (2008). A study of the information security policy of the ROC armed forces: a crisis management perspective [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846/TKU.2008.00640
何寬祥 (2014). Information security risk assessment using the analytic hierarchy process [Master's thesis, National Chiao Tung University]. Airiti Library. https://doi.org/10.6842/NCTU.2014.00465
