DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This Office Action is in response to the amendment filed 11/30/2021.
Claims 1-3, 6-10, 13-17, 20-21 are currently amended claims. Claims 1-21 are pending and considered.
The objection of claims 1, 8, 15 due to informalities has been withdrawn in light of applicant’s amendment to the claims.
The rejection of claims 1-21 on the ground of nonstatutory double patenting has been withdrawn in light of applicant’s filed and approved Terminal Disclaimer on 12/30/2021.
Response to Argument
Applicant’s argument, see pages 8-14 of the Remark filed 11/30/2021, with respect to claims over prior arts have been fully considered and are persuasive, further in view of the examiner’s amendments below. Upon examiner’s updated search on the features recited in the claims, examiner believes the case is in condition for allowance. Therefore the rejection under 35 U.S.C. 103 of claims 1-21 has been withdrawn.
Allowable Subject Matter
Claims 1, 4-8, 11-15, 18-21 are allowed.
The following is an examiner’s statement of reasons for allowance: 

Claim 1 (similarly claims 8 and 15) identifies the uniquely distinct features “combining the first system-defined platform information and the at least second system-defined platform information to form system-defined consolidated platform information, wherein the system-defined consolidated platform information independently defines the security-relevant subsystems that are present on the computing platform; obtaining client-defined consolidated platform information for the computing platform from a client information source, the client-defined consolidated platform information identifying the security-relevant subsystems that the client believes are present on the computing platform, wherein the client includes one or more of a user, owner, or operator of the computing platform; and generating a security profile based, at least in part, upon the system-defined consolidated platform information and comparing the system-defined consolidated platform information to the client-defined consolidated platform information to define differential consolidated platform information for the computing platform, the differential consolidated platform identifying a difference between the independently identified security-relevant subsystems and the security-relevant subsystems believed by the client to be present on the computing platform, wherein the client includes one . 
The prior art, Tcherchian et al (US20170118245A1) discloses system and method for aggregating and correlating disparate and unrelated events to enable faster security event detection. In particular Tcherchian teaches contextualizing disparate, unrelated event logs data to identify security incidents indicative of security threats.
The prior art, Kirti et al (US20170251013A1) discloses system and method for discovery and management of application using a security management system to manage access to application for minimizing security threats and risks in computing environment of an organization. In particular Kirti teaches using security monitoring and control system with mobile device management and plurality of security relevant subsystems like MDM and DNS services as security data source for the security monitoring and control system as techniques for discovery and managing security of application.
The prior art, Liang (US20150264011A1) discloses system and method for conducting multiple security tasks to schedule security tasks and collects results of security tasks performed by the security devices with SIEM.
The prior art, Chauhan et al (US20170048264A1) discloses system and method to enable network security analysts and users to efficiently conduct network security investigations and produce useful representation of investigation results. In particular Chauhan teaches using user-generated information to enable user to create investigation timelines to display a collection of events related to a particular network security investigation and produce useful representation of investigation results.
, Bender et al (US20150242619A1) discloses system and method for providing automated security management framework for an enterprise based on enterprise’s operation, infrastructure and user-based processes. In particular Bender teaches identifying data associated with user input and comparing data with security scheme database to provide automated security management framework to address potential security threat.
The prior arts, either singularly or in combination fails to anticipate or render obvious the claimed limitations of claim 1 (similarly claims 8 and 15) of “combining the first system-defined platform information and the at least second system-defined platform information to form system-defined consolidated platform information, wherein the system-defined consolidated platform information independently defines the security-relevant subsystems that are present on the computing platform; obtaining client-defined consolidated platform information for the computing platform from a client information source, the client-defined consolidated platform information identifying the security-relevant subsystems that the client believes are present on the computing platform, wherein the client includes one or more of a user, owner, or operator of the computing platform; and generating a security profile based, at least in part, upon the system-defined consolidated platform information and comparing the system-defined consolidated platform information to the client-defined consolidated platform information to define differential consolidated platform information for the computing platform, the differential consolidated platform identifying a difference between the independently identified security-relevant subsystems and the security-relevant subsystems believed by the client to be present on the computing platform, wherein the client includes one 
Regarding the dependent claims: dependent claims 4-7, 11-14, 18-21 are also allowed for incorporating the allowable feature recited in the respective independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Examiner’s Amendment
The application has been amended as follows: 
An Examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicants, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Jeffrey T. Placker (617-305-2010) on 12/29/2021 (See PTO-413 interview summary).

PLEASE AMEND THE CLAIMS AS FOLLOWS:
1. (Currently Amended)	A computer-implemented method, executed on a computing device, comprising:
monitoring, by a plurality of security-relevant subsystems, activity with respect to a computing platform, the plurality of security-relevant subsystems including one or 
obtaining first system-defined platform information concerning a first security-relevant subsystem of the plurality of security-relevant subsystems within the computing platform based upon, at least in part, the monitored activity with respect to the computing platform, including monitoring and logging activity of the first security-relevant subsystem by a Security Information and Event Management (SIEM) system;  
obtaining at least a second system-defined platform information concerning at least a second security-relevant subsystem of the plurality of security-relevant subsystems within the computing platform based upon, at least in part, the monitored activity with respect to the computing platform, including monitoring and logging activity of the second security-relevant subsystem by the Security Information and Event Management (SIEM) system;  
combining the first system-defined platform information and the at least second system-defined platform information to form system-defined consolidated platform information, wherein the system-defined consolidated platform information independently defines the security-relevant subsystems that are present on the computing platform; [[and]]
obtaining client-defined consolidated platform information for the computing platform from a client information source, the client-defined consolidated platform information identifying the security-relevant subsystems that the client believes are present on the computing platform, wherein the client includes one or more of a user, owner, or operator of the computing platform; and
generating a security profile based, at least in part, upon the system-defined consolidated platform information and comparing the system-defined consolidated platform information to the client-defined consolidated platform information to define differential consolidated platform information for the computing platform, the differential consolidated platform identifying a difference between the independently identified security-relevant subsystems and the security-relevant subsystems believed by the client to be present on the computing platform, wherein the client includes one or more of a user, owner, and operator of the computing platform, the security profile enabling a comparison of the computing platform to other computing platforms.
2. - 3. (Cancelled)
4. (Previously Presented)	The computer-implemented method of claim 1 wherein the first system-defined platform information and the at least second system-defined platform information are obtained from one or more log files defined for the computing platform.
5. (Previously Presented)	The computer-implemented method of claim 1 wherein the first system-defined platform information and the at least second system-defined platform information are obtained from the first security-relevant subsystem and the at least second security-relevant subsystem.
6. (Currently Amended)	The computer-implemented method of claim [[2]] 1 wherein the client-defined consolidated platform information is obtained from one or more client-completed questionnaires.
1 wherein the client-defined consolidated platform information is obtained from one or more client-deployed platform monitors.
8. (Currently Amended)	A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising:
monitoring, by a plurality of security-relevant subsystems, activity with respect to a computing platform, the plurality of security-relevant subsystems including one or more of Content Delivery Network systems, Database Activity Monitoring systems, User Behavior Analytic systems, Mobile Device Management systems, Identity and Access Management systems, and Domain Name Server systems;
obtaining first system-defined platform information concerning a first security-relevant subsystem of the plurality of security-relevant subsystems within the computing platform based upon, at least in part, the monitored activity with respect to the computing platform, including monitoring and logging activity of the first security-relevant subsystem by a Security Information and Event Management (SIEM) system;  
obtaining at least a second system-defined platform information concerning at least a second security-relevant subsystem of the plurality of security-relevant subsystems within the computing platform based upon, at least in part, the monitored activity with respect to the computing platform, including monitoring and logging activity of the second security-relevant subsystem by the Security Information and Event Management (SIEM) system;  

obtaining client-defined consolidated platform information for the computing platform from a client information source, the client-defined consolidated platform information identifying the security-relevant subsystems that the client believes are present on the computing platform, wherein the client includes one or more of a user, owner, or operator of the computing platform; and
generating a security profile based, at least in part, upon the system-defined consolidated platform information and comparing the system-defined consolidated platform information to the client-defined consolidated platform information to define differential consolidated platform information for the computing platform, the differential consolidated platform identifying a difference between the independently identified security-relevant subsystems and the security-relevant subsystems believed by the client to be present on the computing platform, wherein the client includes one or more of a user, owner, and operator of the computing platform, the security profile enabling a comparison of the computing platform to other computing platforms.
9. - 10. (Cancelled)

12. (Previously Presented)	The computer program product of claim 8 wherein the first system-defined platform information and the at least second system-defined platform information are obtained from the first security-relevant subsystem and the at least second security-relevant subsystem.
13. (Currently Amended)	The computer program product of claim [[9]] 8 wherein the client-defined consolidated platform information is obtained from one or more client-completed questionnaires.
14. (Currently Amended)	The computer program product of claim [[9]] 8 wherein the client-defined consolidated platform information is obtained from one or more client-deployed platform monitors.
15. (Currently Amended)	A computing system including a processor and memory configured to perform operations comprising:
monitoring, by a plurality of security-relevant subsystems, activity with respect to a computing platform, the plurality of security-relevant subsystems including one or more of Content Delivery Network systems, Database Activity Monitoring systems, User Behavior Analytic systems, Mobile Device Management systems, Identity and Access Management systems, and Domain Name Server systems;
obtaining first system-defined platform information concerning a first security-relevant subsystem of the plurality of security-relevant subsystems within the 
obtaining at least a second system-defined platform information concerning at least a second security-relevant subsystem of the plurality of security-relevant subsystems within the computing platform based upon, at least in part, the monitored activity with respect to the computing platform, including monitoring and logging activity of the second security-relevant subsystem by the Security Information and Event Management (SIEM) system;  
combining the first system-defined platform information and the at least second system-defined platform information to form system-defined consolidated platform information, wherein the system-defined consolidated platform information independently defines the security-relevant subsystems that are present on the computing platform; [[and]]
obtaining client-defined consolidated platform information for the computing platform from a client information source, the client-defined consolidated platform information identifying the security-relevant subsystems that the client believes are present on the computing platform, wherein the client includes one or more of a user, owner, or operator of the computing platform; and
generating a security profile based, at least in part, upon the system-defined consolidated platform information and comparing the system-defined consolidated platform information to the client-defined consolidated platform information to define differential consolidated platform information for the computing platform, the differential consolidated platform identifying a difference between the independently identified security-relevant subsystems and the security-relevant subsystems believed by the client to be present on the computing platform, wherein the client includes one or more of a user, owner, and operator of the computing platform, the security profile enabling a comparison of the computing platform to other computing platforms.
16. - 17. (Cancelled)
18. (Previously Presented)	The computing system of claim 15 wherein the first system-defined platform information and the at least second system-defined platform information are obtained from one or more log files defined for the computing platform.
19. (Previously Presented)	The computing system of claim 15 wherein the first system-defined platform information and the at least second system-defined platform information are obtained from the first security-relevant subsystem and the at least second security-relevant subsystem.
20. (Currently Amended)	The computing system of claim [[16]] 15 wherein the client-defined consolidated platform information is obtained from one or more client-completed questionnaires.
21. (Currently Amended)	The computing system of claim [[16]] 15 wherein the client-defined consolidated platform information is obtained from one or more client-deployed platform monitors.


Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Berry et al (US20160253503A1). Discloses system and method for visualization of security risks by showing counts of security risks found in plurality of applications.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 

/MICHAEL M LEE/Examiner, Art Unit 2436   

/KENDALL DOLLY/Primary Examiner, Art Unit 2436