DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 1-7, 10-16 and 21-26 are allowed.


	A complete allowable claim set is provided below (note: claim set dated 03/23/2021 has the missing claim language of claims 2-7 and 10-16): 


Claim 1. (Previously Amended)
A system for evaluating cybersecurity awareness of an organization, comprising: 
an evaluation server comprising a processor and a memory, the memory storing non-transitory machine-readable code to be executed by the processor;
 at least one database storing a plurality of cybersecurity awareness evaluations, the database connected to the evaluation server;
 a plurality of clients connected to the evaluation server, each of said clients comprising a processor, a memory and a display and configured to present at least one of the cybersecurity awareness evaluations to a user of said organization, said evaluation comprising output via the display of a set of pre-determined cybersecurity 
said machine-readable code configured to cause, when executed, said processor of said evaluation server to generate one or more scoring results of the cybersecurity awareness evaluations based upon the selected offensive and defensive actions of said user; and
 an evaluation dashboard including at least one graphical user interface configured to display selected ones of the scoring results, the scoring results including a plurality of offensive component scores, each offensive component score corresponding to each user selection from said set of pre-determined cybersecurity offensive actions, -2- JZ-W-0134Appl. No.16/172,276 FiledOctober 26, 2018a plurality of defensive component scores, each defensive component score corresponding to each user selection from said set of pre-determined cybersecurity defensive actions, a composite offensive score based on said plurality of offensive component scores, and a composite defensive score based on said  plurality of defensive component scores.

Claim 2. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive component score for all defensive actions of the users DefAll.sub.i: 

    PNG
    media_image1.png
    72
    197
    media_image1.png
    Greyscale

where P.sub.k,j is a scoring weight for defensive actions, where each action DA.sub.k has been played and is active and where M is the total number of possible offensive actions.

Claim 3. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive component score for effective defensive actions DefEff1.sub.i associated with behavior i for the user for at any point during an evaluation: 



    PNG
    media_image2.png
    72
    199
    media_image2.png
    Greyscale
 -3- rsw-5687Appl. No.16/172,276 FiledOctober 26, 2018 
where each offensive action OA.sub.j has been blocked, M is the number of blocked offensive actions and .OMEGA..sub.j,I is a scoring weight for offensive actions.  



    PNG
    media_image3.png
    74
    172
    media_image3.png
    Greyscale
Claim 4. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a component offensive score OffAll.sub.i associated with behavior i at any point during an evaluation:  
where offensive action OA.sub.j has been played and .OMEGA..sub.j,i is a scoring weight for offensive actions.  

Claim 5. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a component offensive effectiveness score OffEff1.sub.i associated with behavior i for at any point during an evaluation is 

    PNG
    media_image4.png
    74
    183
    media_image4.png
    Greyscale

where each action OA.sub.j has been played and is successful by being not blocked and .OMEGA..sub.j,i is a scoring weight for offensive actions.  

Claim 6. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a composite behavior score BAll1.sub.i: BAll.sub.i = DefAll.sub.i / P.sub.Ave + OffAll.sub. i /.OMEGA..sub.Ave , where P.sub.Ave is an average scoring weight for defensive 

    PNG
    media_image5.png
    72
    197
    media_image5.png
    Greyscale
  

where P.sub.k,j is a scoring weight for defensive actions, DA.sub.k is one of K defensive actions associated with offensive action, OA.sub.j, and where a component offensive score OffAll.sub.i associated with behavior i at any point during an evaluation is:   

    PNG
    media_image3.png
    74
    172
    media_image3.png
    Greyscale


where offensive action OA.sub.i has been played and .OMEGA..sub.j,i is a scoring weight for offensive actions.  


Claim 7. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a composite effectiveness score BEff1.sub.i: -5- 
BEff1.sub.i= rsw-5687Appl. No.16/172,276 FiledOctober 26, 2018 DefEff1.sub.i/.OMEGA..sub. Ave + OffEff1.sub.i/ .OMEGA..sub.Ave,
 1.sub.i associated with behavior i for the user for at any point during an evaluation is: 

    PNG
    media_image6.png
    72
    199
    media_image6.png
    Greyscale

 where each offensive action OA.sub.i has been blocked, M is the number of blocked offensive actions, and .OMEGA..sub.j,i, is a scoring weight for offensive actions, and a component offensive effectiveness score OffEff 1.sub.i associated with behavior i for at any point during an evaluation is:   

    PNG
    media_image7.png
    74
    183
    media_image7.png
    Greyscale

where each action OA.sub.j has been played and is successful by being not blocked.

Claim 10. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a current risk mitigation score CRM(r): -6- rsw-5687Appl. No.16/172,276 FiledOctober 26, 2018  

    PNG
    media_image8.png
    71
    323
    media_image8.png
    Greyscale

where each offensive action OA.sub.j that could theoretically be blocked by some defensive action DA.sub.k  that has been played in a current round r, where M is a total number of possible offensive actions, K is the total number of defensive actions played 

Claim 11. (Original) The system of claim 10, wherein the server is further configured to determine and the evaluation dashboard is configured to display a total risk mitigation score TRM(r) for any given round r: 
    PNG
    media_image9.png
    114
    589
    media_image9.png
    Greyscale
  

Claim 12. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a kill chain alignment score KCA(r) at some round r during the evaluation: -7- rsw-5687Appl. No.16/172,276 FiledOctober 26, 2018 
    PNG
    media_image10.png
    71
    538
    media_image10.png
    Greyscale
 
where KCA(0) = 0, KCA(R) is the user's score at the end of the evaluation, r = [1, R], R is a number of rounds played, p is a kill chain phase, with p = [1, P], KCCp(r) is a kill chain count, which is a number of defensive actions played during a given round r and for a given phase p, KCR.sub.p (r) is kill chain remaining, which is a total number of 


    PNG
    media_image11.png
    23
    318
    media_image11.png
    Greyscale


where  

    PNG
    media_image12.png
    48
    322
    media_image12.png
    Greyscale

 
and .tau..sub.p is the total number of defensive actions at the start of the evaluation for phase .rho. and, .sigma..sub.p(r) is a phase weight for phase p during some round r.  

13. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive awareness score DefAwr as: -8- rsw-5687Appl. No.16/172,276 


    PNG
    media_image13.png
    69
    165
    media_image13.png
    Greyscale


FiledOctober 26, 2018 where .beta..sub.k is a defensive awareness weight of some action DA.sub.K that is classified as a defensive awareness action of the user at some point during the 

Claim 14. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive readiness score:

 
    PNG
    media_image14.png
    72
    206
    media_image14.png
    Greyscale
 
where offensive action each OA.sub.j against the user and that could theoretically be blocked by some defensive action DA.sub.k of the user, M is a total number of offensive actions against the user, K is a total number of defensive actions of the user, and .alpha..sub.j,k is a scoring weight related to the offensive action OA.sub.j that could be theoretically blocked by any of the DA.sub.k defenses of the user during the evaluation.  


Claim 15. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive results score DefRes: 

    PNG
    media_image15.png
    23
    153
    media_image15.png
    Greyscale
 
where d.sub.res is a vector of weights and r is a results vector defined as: -9- rsw-5687Appl. No.16/172,276 FiledOctober 26, 2018 

    PNG
    media_image16.png
    92
    230
    media_image16.png
    Greyscale


where y/Y is a ratio between a number of the user's successfully defended data versus a total number of data targets assigned to that user, and z/Z is a ratio between a number of the user's undisclosed intel targets versus the total number of data targets assigned to that user.  


Claim 16. (Original) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a offensive results score OffRes:
 
    PNG
    media_image17.png
    19
    149
    media_image17.png
    Greyscale
 
where ores is a vector of weights and s is a vector of results, where s 
is:   


    PNG
    media_image18.png
    101
    134
    media_image18.png
    Greyscale


where i is a number of intel pieces gathered by the user at the end of the evaluation, I is a total number of intel pieces available, c.sub.avg is an average number 

Claim 21. (Previously Amended) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a composite tactical score of said user.
  
Claim 22. (Previously Amended) The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display an overall awareness score of said user.  

Claim 23. (Previously Amended) The system of claim 21, wherein the server is configured to determine one or more defensive scores for said user based upon the one or more defensive actions by said user, to determining one or more offensive scores for said user based upon the one or more offensive actions by said user, and wherein said composite tactical score of said user comprises a weighted combination of said one or more defensive and offensive scores of said user.  



Claim 25. (Previously Presented) A system for evaluating cybersecurity awareness of an organization, comprising: 
an evaluation server comprising a processor and a memory, the memory storing non-transitory machine-readable code to be executed by the processor; -4- JZ-W-0134Appl. No.16/172,276 FiledOctober 26, 2018
at least one database storing a plurality of cybersecurity awareness evaluations, the database connected to the evaluation server; 
a plurality of clients connected to the evaluation server, each of said clients comprising a processor, a memory and a display and configured to present at least one of the cybersecurity awareness evaluations to a user of said organization and receive inputs from said user, the user inputs comprising user selections of cybersecurity offensive actions and cybersecurity defensive actions; 
said machine-readable code configured to cause, when executed, said processor of said evaluation server to generate one or more scoring results of the cybersecurity awareness evaluations based upon the selected offensive and defensive actions of the users; and 
an evaluation dashboard including at least one graphical user interface configured to display selected ones of the scoring results, the scoring results including a plurality of offensive component scores for at least one of the users, a plurality of 
wherein said server is further configured to determine and said evaluation dashboard is configured to display a composite tactical score of said user, said composite tactical score comprises CompTac, wherein:
 -5- JZ-W-0134Appl. No.16/172,276 FiledOctober 26, 2018 
    PNG
    media_image19.png
    20
    176
    media_image19.png
    Greyscale
 
where .omega..sub.tac is a vector of tactics component weights and t is a vector of tactics component scores, where t is defined as: 


    PNG
    media_image20.png
    113
    118
    media_image20.png
    Greyscale
 

where defensive awareness DefAwr is:
  
    PNG
    media_image21.png
    69
    165
    media_image21.png
    Greyscale
 

where .beta..sub.k is a defensive awareness weight of some action DA.sub.k that is classified as a defensive awareness action and of the user at some point during the 

 
    PNG
    media_image14.png
    72
    206
    media_image14.png
    Greyscale
 
where each offensive action OA.sub.j against the user and that could theoretically be blocked by some defensive action DA.sub.j of the user, M is a total number of offensive actions against the user, K is a total number of defensive actions of the user, and .alpha..sub.j,k is a scoring weight related to the offensive action OA.sub.j  that could be theoretically blocked by any of the DA.sb.j defenses of the user during the -6- JZ-W-0134Appl. No.16/172,276 FiledOctober 26, 2018evaluation, where defensive proactiveness is DefPro is: DefPro = 1 - DefRect , where DefRect is: 

    PNG
    media_image22.png
    68
    165
    media_image22.png
    Greyscale
 
where .alpha..sub.j,k is the defensive reactiveness of some action DA.sub.k of the user at some point during the evaluation, K is a total number of defensive actions of all types of the user throughout the evaluation, where DefRes is:
  
    PNG
    media_image15.png
    23
    153
    media_image15.png
    Greyscale
 
where d.sub.res is a vector of weights and r is a evaluation results vector defined as: 

    PNG
    media_image23.png
    98
    256
    media_image23.png
    Greyscale


 where y/Y is a ratio between a number of the user's successfully defended data versus a total number of data targets assigned to the user, and z/Z is a ratio between a number of the user's undisclosed intel targets versus the total number of data targets assigned to the user, and where OffRes is: 
 
    PNG
    media_image17.png
    19
    149
    media_image17.png
    Greyscale

 where o.sub.res is a vector of weights and s is a vector of evaluation results, where s is:
  
    PNG
    media_image24.png
    101
    134
    media_image24.png
    Greyscale
 -7- JZ-W-0134Appl. No.16/172,276 FiledOctober 26, 2018 
where i is a number of intel pieces gathered by the user at the end of the evaluation, I is a total number of intel pieces available, c.sub.avg is an average number of possible values that each piece of intel can assume, h is a total number of successful hacks performed by the user, H is a total number of successful hacks performed by the user, o is ta total number of other users' objectives successfully hacked by the user, 0 is a total number of other users' objectives, and L is a number of successful hacks performed by the user when the user had not yet gathered the corresponding intel and thus had to guess at the value.  


an evaluation server comprising a processor and a memory, the memory storing non-transitory machine-readable code to be executed by the processor; 
at least one database storing a plurality of cybersecurity awareness evaluations, the database connected to the evaluation server; 
a plurality of clients connected to the evaluation server, each of said clients comprising a processor, a memory and a display and configured to present at least one of the cybersecurity awareness evaluations to a user of said organization and receive inputs from said user, the user inputs comprising user selections of cybersecurity offensive actions and cybersecurity defensive actions; -8- JZ-W-0134Appl. No.16/172,276 FiledOctober 26, 2018 
said machine-readable code configured to cause, when executed, said processor of said evaluation server to generate one or more scoring results of the cybersecurity awareness evaluations based upon the selected offensive and defensive actions of the users; and 
an evaluation dashboard including at least one graphical user interface configured to display selected ones of the scoring results, the scoring results including a plurality of offensive component scores for at least one of the users, a plurality of defensive component scores for the at least one of the users, at least one composite offensive score for the at least one of the users and at least one composite defensive score for the at least one of the users, the composite offensive score being determined based on a plurality of the offensive component scores and the composite defensive score being determined based on a plurality of the defensive component scores; 

  
    PNG
    media_image25.png
    17
    85
    media_image25.png
    Greyscale
 
where w is a vector of weights and c is a vector of score components defined as: 


c  = [ CompAll CompEff DefPos TRM KCA CompTac ]
where CompAll is: -9- JZ-W-0134Appl. No.16/172,276 

FiledOctober 26, 2018 
    PNG
    media_image26.png
    68
    211
    media_image26.png
    Greyscale
 
where Y.sub.i is an importance weighting factor for behavior I, Ball.sub.i = DefAll.sub.i/P.sub.Ave + OffAll.sub.i/.OMEGA..sub.Ave , where P.sub.ave is an average scoring weight for defensive actions, where .OMEGA..sub.Ave is an average scoring weight for offensive actions, where a component defensive score for all defensive actions of the user DefAll.sub.i: 

    PNG
    media_image1.png
    72
    197
    media_image1.png
    Greyscale
 
where P.sub.k,j is a scoring weight for defensive actions, DA.sub.k is one of K defensive actions associated with offensive action, OA.sub.j, and where a component 

  
    PNG
    media_image27.png
    74
    172
    media_image27.png
    Greyscale
 
where offensive action OA.sub.j has been taken and .OMEGA..sub.j,i is a scoring weight for offensive actions where CompEff:

  
    PNG
    media_image28.png
    68
    224
    media_image28.png
    Greyscale
 
where   -10- JZ-W-0134Appl. No.16/172,276 FiledOctober 26, 2018 


    PNG
    media_image29.png
    50
    267
    media_image29.png
    Greyscale


where .OMEGA..sub.Ave is an average scoring weight for offensive actions, where a component defensive score for effective defensive actions DefEff1.sub.i associated with behavior i for the user for at any point during an evaluation is: 

    PNG
    media_image30.png
    72
    199
    media_image30.png
    Greyscale
 
where each offensive action OA.sub.i has been blocked, M is the number of blocked offensive actions, and .OMEGA..sub.j,i is a scoring weight for offensive actions, 

  
    PNG
    media_image31.png
    74
    183
    media_image31.png
    Greyscale
 
where each action OA.sub.j has been taken and is successful by being not blocked, where DefPos is:

  
    PNG
    media_image32.png
    72
    242
    media_image32.png
    Greyscale
 
for each possible OA.sub.j and where DA.sub.k has been taken and is active, M is the total number of possible offensive actions, where TRM is: 
a total risk mitigation score TRM(r) for any given round r:
  
    PNG
    media_image33.png
    114
    589
    media_image33.png
    Greyscale
 -11- JZ-W-0134Appl. No.16/172,276 FiledOctober 26, 2018 
    PNG
    media_image8.png
    71
    323
    media_image8.png
    Greyscale
 
where each offensive action OA.sub.j that could theoretically be blocked by some defensive action DA.sub.k that has been played in a current round r, where M is a total 
where KCA is: 
    PNG
    media_image10.png
    71
    538
    media_image10.png
    Greyscale
 
where KCA(O) = 0, KCA(R) is the user's score at the end of the evaluation, r = [1, R], R is a number of rounds played, p is a kill chain phase, with p = [1, P], KCC.sub.p(r) is a kill chain count, which is a number of defensive actions taken during a given round r and for a given phase p, KCR.sub.p(r) is kill chain remaining, which is a total number of defensive actions available but not yet taken by a given user at an end of a given round r and for a given phase p, where:

  
    PNG
    media_image11.png
    23
    318
    media_image11.png
    Greyscale

 Where

  
    PNG
    media_image34.png
    48
    322
    media_image34.png
    Greyscale

 and .tau..sub.p is the total number of defensive actions at the start of the evaluation for phase .rho. and .sigma..sub.p (r) is a phase weight for phase p during some round r.




Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is 

SUMAN DEBNATH
Patent Examiner
Art Unit 2495



/S.D/Examiner, Art Unit 2495      

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495