DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Amendments
This communication is in response to the amendments filed on 1 July 2021:
	Claims 1, 8-9, 15, 17 and 21 are amended.
	Claims 6 and 14 are canceled.
	Claims 1-5, 7-13 and 15-21 are pending.


Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted not later than the payment of the issue fee.

Authorization for the examiner’s amendment on claim 1 was given in an interview with Michael P. Hayek (72,928) on 09/16/2021. 

Claim 1 is amended as shown below:

(Currently amended) A method for responding to cyber events, comprising:
receiving, using a processor that processes instructions stored in a memory and from a configuration management system comprising information regarding information technology items, configuration information of a configuration item of the information technology items;
by the processor, using the configuration information of the configuration item, a violation of an authority, wherein the authority is associated with at least two of a type of incident, a data classification, and a jurisdiction,
wherein the type of incident is selected from a set of incident types including a first incident type of loss or theft of data and a second incident type of illegal access to systems or information and the data classification,
wherein the data classification is selected from a set of data classifications including a first classification of personal information and a second classification of private data, and
wherein the jurisdiction comprises at least one country or at least one state; and
identifying a cyber event in response to identifying the violation;
identifying a playbook of tasks,
wherein the playbook constitutes a response to the cyber event, and
wherein a task of the tasks is assignable to a user group;
receiving, by the processor, from a user of the user group, a completion of the task; 
receiving, by the processor, a proof of completion of the task; 
receiving, by the processor, a first document constituting the authority;
creating, by the processor, one or more playbooks of tasks based on the first document;
receiving, by the processor, a second document constituting a revision of the authority;
identifying, by the processor, differences between the first document and the second document; and
based on the differences, updating, by the processor, at least one of the one or more playbooks of tasks.


All other claims remain unchanged from the last set of claims received by the Applicant on 07/01/2021. 



Allowable Subject Matter
Claims 1-5, 7-13 and 15-21 are allowed. The following is an examiner’s statement of reasons for allowance:

The instant invention is directed towards techniques for security incident response management, comprising receiving a cyber event; identifying a playbook of tasks, where the playbook constitutes a response to the cyber event, and where a task of the tasks is assignable to a user group; receiving, from a user of the user group, a completion of the task; receiving a proof of completion of the task; and generating a compliance report including the task and the proof of completion.

The closest prior art are as follows:

J’Maev (U.S. PGPub. 2004/0054566) discloses techniques for event driven project management. As events are logged, they are presented to a user in order to occurrence. Events trigger tasks or subprojects that are presented to the user interspersed with the event log. Each event log also provides for associated computer files. Computer files are automatically created from database records or are acquired as images. However, unlike the instant invention, J’Maev does not disclose “receiving a first document constituting the authority; creating one or more playbooks of tasks based on the first document; receiving a second document constituting a revision of the authority; identifying differences between the first document and the second document; and based on the differences, updating at least one of the one or more playbook of tasks.”

Holland (U.S. PGPub. 2015/0188787) discloses techniques for an integrated solution for application data layer coverage discovery and gap analysis, comprising systems and methods that receive at information technology management system data from at least two IT management systems, wherein the data identifies resource coverage known to each respective IT management system. However, unlike the instant invention, Holland does not disclose “receiving a first document constituting the authority; creating one or more playbooks of tasks based on the first document; receiving a second document constituting a revision of the authority; identifying differences between the first document and 

Lee et al. (U.S. PGPub. 2016/0012235) discloses techniques for estimating expected loss risk to computers and enterprises based on the data files present on computers and data file clusters within the enterprise. However, unlike the instant invention, Lee does not disclose “receiving a first document constituting the authority; creating one or more playbooks of tasks based on the first document; receiving a second document constituting a revision of the authority; identifying differences between the first document and the second document; and based on the differences, updating at least one of the one or more playbook of tasks.”

The prior art references above, individually or in combination, do not disclose the claimed limitations. For at least these reasons, claims 1-5, 7-13 and 15-21 are allowed.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747.  The examiner can normally be reached on M-F 11:00am – 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through 

/RODMAN ALEXANDER MAHMOUDI/Examiner, Art Unit 2433                                                                                                                                                                                                        
/ANTHONY D BROWN/Primary Examiner, Art Unit 2433