DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/02/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Amendment
Claims 1, 3-8, 10-15 and 17-20 are pending. Claims 1, 8 and 15 are currently amended. Claims 2, 9 and 16 are canceled. 
Applicant’s amendments to the claims will overcome each and every 112(d) rejection previous set forth in the Non-Final Office Action mailed 08/05/2021. 
Response to Arguments
Applicant’s arguments, see pages 8-9, filed 11/01/2021, with respect to 103 rejection have been fully considered and are persuasive.  The 103 rejections of claims 1, 3-8, 10-15 and 17-20 has been withdrawn. 

Allowable Subject Matter
Claims 1, 3-8, 10-15 and 17-20 are allowed.
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: After further search and consideration and applicant remarks put forth in the Remarks of 11/01/2021 on pages 8-9, the prior art either taken alone or in combination neither anticipates nor render obvious to the claimed subject matter of the instant application. The prior art Renaud et al. (US Pub No. 2008/0222706) discloses a computer security monitoring method and system includes receiving input data, wherein the input data includes user account data associated with a user's security-related interaction with a particular network, security-related local network data associated with the particular network, and security-related external network data regarding security threats at one or more independent, external networks.  The input data is analyzed to generate at least one composite security status score and adjust the composite security status score when the analysis of the security-related local and external network data indicates an increased security threat.  The method and system may produce human-readable output including an alert associated with the at least one composite security status score. (Renaud, Abstract), McGovern (US Pub No. 2009/0024663) discloses an information security assessment and data risk scoring method.  The disclosed method includes identifying a plurality of parameters relevant to information security of information systems, establishing at least two risk levels associated with each of the plurality of parameters, assigning a numerical score to each of the at least two risk level associated with each of the plurality of parameters, recording the parameters, risk levels and numerical scores into one or more data structures, and assessing and scoring information security of a specified information system and/or collectively for an entire enterprise based at least in part on the one or more data structures. (McGovern, Abstract), Bhargav-Spantzel et al. (US Pub No. 2015/0195301) discloses a context-aware proactive threat management system.  In general, a device may use internal activity data along with data about external activities (e.g., provided by remote resources) for threat assessment and mitigation.  A device may comprise, for example, a hostile environment detection (HED) module to coordinate threat assessment and mitigation. (Bhargav-Spantzel, Abstract), Belfiore, Jr. et al. (US Patent No. 10,387,657) discloses a cybersecurity assessment of an organization's technology infrastructure include identifying features of the technology infrastructure and automatically generating a threat profile relevant to both the technology infrastructure and the organization's business, where the threat profile includes potential threat actors and threat scenarios applicable to the technology infrastructure.  The methods and systems may include evaluating cybersecurity controls of the organization's technology infrastructure in light of the threat profile to identify and rate vulnerabilities within the technology infrastructure. (Belfiore, Abstract), and Hubing et al. (US Patent No. 9,349,014) discloses accessing, by one or more computer systems, internal security information indicative of customer account activity of a customer of an online resource; receiving, by one or more computer systems, external security information; calculating an online security fitness attribute that is indicative of an overall security level of the customer for accessing the online resource; generating, by the one or more computers systems, information indicative of one or more suggested actions to increase the online security fitness attribute, with a suggested action comprising information specifying an amount by which the online security fitness attribute increases following performance of the suggested action; receiving, from the client device, information indicative of performance of one of the one or more suggested actions; and re-calculating by the one or more computer Hubing, Abstract), however, the prior art taken alone or in combination fails to teach or suggest “determine the user specific vulnerability assessment comprising information security threats for the user based on the external data and the internal data; calculate a vulnerability level for the user based on the information security threats; present, via a secured interface, a real-time vulnerability level for the user upon user authentication into the secured interface and include user specific mitigation actions for the user to reduce vulnerability level; distribute the real-time vulnerability level for the user to a third party for user application and authorization into a third party program; and determine the mitigation actions based on the one or more security threats, wherein the mitigation actions comprises steps for user action to positively adjust the vulnerability level for the user comprising security controls for implementation by user to mitigate the one or more security threats” (as recited in claims 1, 8 and 15). Claims are allowed in light of the above claim limitations when in combination with the remaining claim limitations.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAQUEAL D WADE-WRIGHT/Examiner, Art Unit 2437