DETAILED ACTION
1.	This is in response to an amendment filed on 02/23/2021. Claim 6 is canceled, claims 1-5 and 7-21 are pending, and claims 1, 14 and 20 are independent. Each independent claim is amended.
Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
3.	On February 19, 2021, applicant's representative Glenn Snyder, Reg. No. 41,428, and the examiner conducted an applicant-initiated telephone interview. The summary of the interview is attached.
Allowable Subject Matter
4.	Claims 1-5 and 7-21 are allowed. 
5.	The following is an examiner’s statement of reasons for allowance:
6.	The following prior art references disclose the subject matter/claim limitations recited in independent claims 1, 14 and 20 before the current claim amendment was filed.

7.	As per independent claims 1, 14 and 20, Kumar discloses a system, comprising: a memory configured to store network-related security policies and procedures associated with an enterprise [See at least paragraph 0090, operational parameters (e.g., vulnerabilities, compliance, patch level, etc.) based on enterprise policies established for a baseline configuration]; 

a display [See paragraph 0193,  FIGS. 14-18 illustrate an exemplary data center administration console interface comprising various dashboards for displaying data related to operational integrity, resource utilization, application integrity, and network activity, in accordance with embodiments of the invention]; and 
at least one device configured to: 

monitor enterprise activity associated with a plurality of the enterprise's networked devices in accordance with the security policies and procedures stored in the memory [See at least paragraph 0079, The method 300 can also supplement security audit scans 308…, an organization may periodically run security audit scans],

determine, based on the monitored enterprise activity, whether the enterprise is complying with the security policies and procedures stored in the memory [See at least paragraph 0079, Such security audit scans may be National Institute of Standards and Technology (NIST)/Security Content Automation Protocol (SCAP) compliant checks for common vulnerability exposures to identify deviated and vulnerable systems 307],

calculate a risk exposure metric for at least one asset of the enterprise based on the enterprise activity and whether the enterprise is complying with the security policies and procedures [See at least figure 3B, paragraphs 0082, 0083, determining a calculus of risk, in accordance with exemplary embodiments. [0083] Referring to FIG. 3B, the exemplary method 310 may include determining or performing a calculus of risk or the data center application…that receives sensory inputs 314 from instrumentation 313 including integrity measurement and verification scan correlation 315, network activity correlation 316 …],
output, to the display, a graphical user interface (GUI) providing information identifying the risk exposure metric associated with the at least one asset [See at least figure 15, and paragraph 0204, FIG. 15 depicts an exemplary GUI for a runtime operational integrity monitoring console 1500 including a system configuration dashboard 1550. Figure 15 shows a GUI displaying a critical risk assessment for a given machine] and receive, via the GUI, [See at least figure 14 and paragraphs 0200-0201. Figure 14 shows a GUI displaying a choice of remediation action, “Quarantine” or “Divert Users” for a given machine] 
Even though Kumar, in paragraphs 0200-0201 and figure 14, broadly discloses the claim limitation recited in claim 1, it does not explicitly disclose the following underlined claim limitation:
“receive, via the GUI, an input wherein the plan is based on user-selected risk exposure metric or level or a risk exposure metric or level recommended by the system”
or the following amended claim limitation recited in independent claim 14:
receiving, via the GUI, an input to initiate the generation of recommendations identifying actions to be taken to reduce the risk exposure metric, or generating, by the security monitoring system, recommendations identifying actions to be taken to reduce the risk exposure metric.
or the following amended claim limitation recited in independent claim 20:
and at least one of: receive, via the GUI, an input to initiate the generation of recommendations identifying actions to be taken to reduce the risk exposure metric, or generate recommendations identifying actions to be taken to reduce the risk exposure metric.
However, Dotan, at least in paragraph 0075, discloses these claim limitations recited in claims 1, 14 and 20.
In particular, Dotan in paragraph 0075 discloses the following, which meets the above claim limitations:

“FIG. 11 illustrates an example graphical user interface 1100 for a threat summary report that the management entity 110 may generate and present to a network administrator for a customer datacenter. The report includes a column for different categories of risks (Malware, Applications, Users) as shown at 1110. Next to each category type name there is an expand icon 1112. There is 1120 and a graphical element, such as a slider bar 1122, may be used to indicate risk level for each category. Columns 1130 indicates the number of block packets for each category, and column 1140 indicates the number of allowed packets for each category. The slider bars 1122 represent accepted levels of risk and changes can be made by a user by moving a slider bar 1122, which will result on change in network security policies and updates across devices”

Furthermore, with respect to independent claims 1, 14 and 20, a new updated search revealed the following prior art references that generally describe the general subject matter of these independent claims.

A. 	US Publication No. 2014/0218389 A1 to Bennett discloses “Enterprise Information Security Management Software for Prediction Modeling with Interactive Graphs” in which various baseline security measurements of assets are collected and calculated by the system. A user creates a what-if scenario by changing one or more baseline security measurements. The system generates interactive, animated graphs that compare the baseline security measurements against the what-if scenario.

B.	US Patent No. 10,708,291 B2 to Findlay discloses “Security threat information gathering and incident reporting systems and methods”, in which the system relates to security and more particularly to threat information gathering, threat risk assessment, threat risk analysis, incident reporting, and information classification, codifying and sharing.



D.	US  Publication No. 2013/0325545 A1 to Mordvinova discloses techniques for managing risks of a business enterprise include identifying a threat to a business enterprise; identifying, based on the threat, a plurality of business enterprise assets and associated impacts; determining a plurality of threat scenarios, each threat scenario including a qualitative probability and a qualitative impact; assigning a quantitative probability and a quantitative impact to each of the plurality of scenarios based on an evaluation of the qualitative probability and the qualitative impact in a risk matrix; determining, with a simulation model, a quantitative risk of the identified threat based on the assigned quantitative probability and quantitative impact; and preparing an output including the determined quantitative risk of the identified threat for display. 

E.	See the other cited prior arts. 	

However, the above prior arts of record including the rest of the cited prior arts either taken alone or in combination neither anticipates nor renders obvious the claimed subject 
For this reason, the specific claim limitations recited in the amended independent claims 1, 14 and 20 taken as whole are allowed.

8.	The dependent claims 2-5, 7-13 and 15-19, which are dependent on the above independent claims 1, 14 and 20, being further limiting to the independent claims, definite and enabled by the specification, are also allowed.

9.	Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fee. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or fax them to the post-allowance papers correspondence branch at (703) 308-5864 to expedite the issuing process, or call PUB's Customer Service with any questions at (703) 305-8497.

Conclusion

10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shaw Yin Chen can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be 


/SAMSON B LEMMA/Primary Examiner, Art Unit 2498