DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on 09/24/2021.
Claims 1, 8, and 15 have been amended and all other claims are previously presented.
Claims 2, 9 and 16 have been canceled.
Claims 21-23 have been added.
Claims 1, 3-8, 10-15 and 17-23 are submitted for examination.
Claims 1, 3-8, 10-15 and 17-23 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
Applicant’s amendment filed on September 24, 2021 has claims 1, 8, and 15 amended, claims 2, 9 and 16 canceled, claims 21-23 added, and all other claims are previously presented. Among the amended claims, claims 1, 8 and 15 are independent ones, and thus, the amendment necessitates a new ground of rejection.
Applicant’s remark, filed on September 24, 2021 at page 7, indicates, “Claim 8 stands objected to for the term, "computer-readable medium." Applicant has amended the claim to recite "non-transitory computer-readable medium" as recommended by the Examiner. Withdrawal of the objection is respectfully requested.
Applicant’s argument has been considered and is found persuasive. Therefore, claim 8 objection has been withdraw.
Applicant’s remark, filed on September 24, 2021 at page 7, indicates, Claims 1-20 stand rejected under 35 U.S.C. § 101 for allegedly being directed to non-statutory subject matter. Claim 1, as amended, recites in part, "ranking, based on the risk-index, the at least one network user along with the plurality of network users to create a list of a subset of the plurality of network users upon which to focus security resources" and "displaying the ranked list." Applicant respectfully requests reconsideration in light of the amendments made herein and the following remarks.
Applicant’s argument has been considered and is found persuasive in light of the amendments. Therefore, the rejection under 35 U.S.C. 101 to claims 1-20 has been withdrawn. 
Applicant’s remark, filed on September 24, 2021, on pages 11-12, indicates, “Claims 1-20 stand rejected under 35 U.S.C. § 103 for allegedly being unpatentable over Rambo et al. (US 10,084,809, "Rambo") in view of Voss (US 7,552,480, "Voss"). Applicant respectfully traverses this rejection. Claim 1, as amended, recites in part, "determining a targetedness of the one or more cyber-security attacks, and wherein the threat score calculated for each of the one or more cyber-security attacks is based on the 
Applicant’s argument has been considered and is found persuasive. Therefore, applicant’s amendment necessitates a new ground of rejection. 
Applicant’s argument has been considered and is found persuasive. Therefore, applicant’s amendment necessitates a new ground of rejection.  Accordingly, a new ground of rejection based on the newly identified prior-art by Parker (US 9,661,003) has been applied to the amendment.
Specifically, Parker discloses a system and method for identifying and analyzing cyber-attacks and profiling adversaries responsible for such attacks. Further quantitative data from raw cyber-attack data and determining if a cyber-attack is associated with a known adversary and/or known adversary behavior. In one embodiment, the following metrics will be analyzed in order to have a better understanding of the nature of the attack: Adversary Sophistication Level, Attack Objectives, Attack Targeting (i.e. “targetedness”) and Technological Specifics. Specifically, Attack Objectives and Attack Targeting bring the necessary data to know the adversary, target selection (small or big group, position within the organization), intention, and nature. (See Columns 4 and 5). Thus, Examiner submits that Parker teaches the amended feature limitation, “determining a targetedness of the one or more cyber-security attacks, … each of the one or more cyber-security attacks is based on the determined targetedness associated with the corresponding cyber-security attack of the one or more cyber-security attacks”. 
In addition, Rambo is relied to teach the process of determining of risk index or score based on the threat score, vulnerability and privilege. (See Columns 4-6 and above rejection).  The combination of Rambo and Parker discloses amended claim 1.
Applicant’s remarks regarding amended independent claims 8 and 15 has been considered and is addressed based on the same rationale presented for the amended claim 1. Please refer to the rejection to the claims in details below.
Applicant further recites similar remarks as listed above for dependent claims, 3-7, 10-14, and 16-20. Please refer to the aforementioned response, which addresses how the 
Applicant’s remark, filed on September 24, 2021 at page 12, indicates, “Claims 21-23 have been added. No new matter has been added. Support for these claims may be found throughout the filed specification and figures. Rambo, Voss, or any combination thereof fails to disclose, teach, or suggest these features.” 
Applicant’s argument has been considered and is found persuasive. Therefore, applicant’s newly added claims necessitates a new ground of rejection. Accordingly, a new ground of rejection based on the newly identified prior-art by Shultz et al. (US 2015/0381649) has been applied to the newly added claims.
	Specifically, Shultz discloses, systems, apparatuses, and methods related to modeling risk as the probabilistic likelihood of loss, including financial loss, resulting from damage to a physical system, virtual system, data, and/or information assets in a computer network based on one or more cyber-attacks. In addition, teaches a “Threat agent”, in various embodiments, is a specific attacker with actors or a threat group category with category properties whose likelihood of attack varies on factors including, but not limited to, geography, industry segment, political preferences, government affiliation, and relation to financial events or activist causes. The threat agent can be used to normalize the likelihood of attack on the targeted organization based on its industry segment, location and relation to world or local events (See Parag. [0038]). Thus, Examiner submits that Shultz teaches the newly added feature limitation, “the computer-implemented method of claim 1, wherein the targetedness is based on geographic specificity”, and the combination of Rambo, Parker, and Shultz discloses newly added claim 21.
Regarding newly added dependent claims 22 and 23 has been considered and is addressed based on the same rationale presented for the amended claim 21. Please refer to the rejection to the claims in details below.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

  Claims 1, 4, 6-8, 11, 13-15, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rambo et al. (US 10,084,809) hereinafter Rambo in view of Parker (US 9,661,003).
As per Claim 1, Rambo teaches a computer-implemented method for assessing cyber-security risk (Rambo, Col. 1, lines 30-34; “In another aspect, a computer-implemented method is disclosed. The method includes receiving a vulnerability, generating a user score for each of a plurality of users within an enterprise, and generating a threat score for the vulnerability.”):
determining a privileged index for each of a plurality of network users (Rambo, Col. 5, lines 36-42; “Generating a user score (operation 205) also includes determining user characteristics (operation 248). User characteristics include, for example, one or more of the following: position of the user within the enterprise (e. g., C-level executive, middle manager, board member, etc.), level of seniority of the user within the enterprise, and access clearance of the user.” … Col. 9, line 66 to Col. 10, line 2; “generate a user score for each of a plurality of users within an enterprise, wherein the user score is generated based on a set of characteristics including: behavioral data, user device data, and user status data.”);
determining a vulnerability index for each of the plurality of network users (Rambo, Col. 4, lines 42-53; “the example method 200 begins by acquiring a vulnerability (operation 202). As mentioned above, vulnerabilities include weaknesses of, for example, operating systems, firmware, particular software applications, and the like. The vulnerability may be publicly announced or privately identified by the enterprise. In some embodiments, the vulnerability is acquired manually, such as when an enterprise-specific cyber threat team member identifying the vulnerability or a risk is identified on a public news channel. In some embodiments, the vulnerability is acquired automatically, such as when a vulnerability is received from a third party vendor or governmental agency”.  Col. 6 lines 6-18; “A given vulnerability may only affect smart phones with a particular operating system, such as smart phones with the BlackBerryTM operating system. Determining the number of devices affected (operation 260) includes identifying what the vulnerability affects and then calculating the number of devices within the enterprise that have an operating system, software, firmware, etc., that would be potentially impacted by the vulnerability. By identifying the types of devices affected, and by knowing the number of each type of device used within the enterprise, the number of devices within the enterprise affected by the vulnerability can be determined...”.  Claim 7; “…the internal vulnerability score is generated based on a system or a device type affected by the vulnerability.”);
calculating a threat score for one or more cyber-security attacks directed at each of the plurality of network users (Rambo, Col. 2, lines 49-52; “Depending on the nature and sophistication of the threat, the user devices may be vulnerable to malicious actors capable of compromising sensitive or confidential data of the user and the enterprise”. Rambo, Col. 5, lines 62-67; “Referring again to FIG. 3, a threat score is also generated (operation 206) after receiving the vulnerability (operation 202). Generating a threat score (operation 206) is shown in greater detail in FIG. 5 and includes determining a number of devices affected (operation 260), determining a number of users affected (operation 262).”), wherein calculating the threat score further comprises: [determining a targetedness of the one or more cyber-security attacks], and wherein the threat score calculated [for each of the one or more cyber-security attacks is based on the determined targetedness associated with the corresponding cyber-security attack of the one or more cyber-security attacks]; and
Rambo, Col. 4, lines 4-10; “User profile module 108 generates a ranking for one or more users and/or user devices 102 within the enterprise. The user profile module 108 may generate user profiles on demand, such as when requested by the threat manager 106 based on a particular vulnerability. Based on the profiles of the user and/or user devices, the user profile module 108 determines a risk score.” Rambo, Col. 5, lines 36-42; “Generating a user score (operation 205) also includes determining user characteristics (operation 248). User characteristics include, for example, one or more of the following: position of the user within the enterprise (e. g., C-level executive, middle manager, board member, etc.), level of seniority of the user within the enterprise, and access clearance of the user”.  Col. 6 lines 6-18; “A given vulnerability may only affect smart phones with a particular operating system, such as smart phones with the BlackBerryTM operating system. Determining the number of devices affected (operation 260) includes identifying what the vulnerability affects and then calculating the number of devices within the enterprise that have an operating system, software, firmware, etc., that would be potentially impacted by the vulnerability. By identifying the types of devices affected, and by knowing the number of each type of device used within the enterprise, the number of devices within the enterprise affected by the vulnerability can be determined...”.  Col. 10, lines 5-7, “based on the user score and the threat score, generate a composite score for each of the plurality of users within the enterprise”);
Rambo, Col. 4, lines 4-10; “User profile module 108 generates a ranking for one or more users and/or user devices 102 within the enterprise. The user profile module 108 may generate user profiles on demand, such as when requested by the threat manager 106 based on a particular vulnerability. Based on the profiles of the user and/or user devices, the user profile module 108 determines a risk score.”), the at least one network user along with the plurality of network users to create a list of a subset of the plurality of network users upon which to focus security resources (Rambo, Col. 6, line 64 to Col. 7, line 2; “These rankings may be in order from low priority to high priority, or low risk to high risk, where the ranking is based on the composite score and/or the user score. Thereby, a score for a user and/or user device may be blended with the threat score to determine a per-threat, per-user, and/or per-user device prioritization of security measures.” … Col. 7, lines 14-23; “After acquiring the security measure (operation 212) and generating a ranking (operation 210), the security measure is implemented (operation 216). Referring now to FIG. 6, implementing a security measure (operation 216) includes determining priority for the patch (operation 280), publishing the patch (operation 282), determining compliance (operation 284), determining whether the security measure has been implemented (operation 286), and executing device intervention (operation 288). Other embodiments may include more or fewer operations.”); and
displaying the ranked list (Rambo, Col. 6, line 64 to Col. 7, line 2; “These rankings may be in order from low priority to high priority, or low risk to high risk, where the ranking is based on the composite score and/or the user score. Thereby, a score for a user and/or user device may be blended with the threat score to determine a per-threat, per-user, and/or per-user device prioritization of security measures.”  Rambo, Col. 9, lines 26-30; “the mass storage device 814 and/or the RAM 810 can store software instructions that, when executed by the CPU 802, cause the example computing device 801 to display received data on the display screen of the example computing device 801.” Examiner submits that user’s rank list is part of the data (received by the system) that is analyzed and displayed in order to protect the user and devices.)
However, Rambo does not expressly teaches:
… determining a targetedness of the one or more cyber-security attacks, and …  each of the one or more cyber-security attacks is based on the determined targetedness associated with the corresponding cyber-security attack of the one or more cyber-security attacks;
But, Parker teaches:
… determining a targetedness of the one or more cyber-security attacks, and … each of the one or more cyber-security attacks is based on the determined targetedness associated with the corresponding cyber-security attack of the one or more cyber-security attacks (Parker, Col. 4, line 62 to Col. 5, line 15; “Attack Objectives: methods for identifying observable objectives of a cyber-attack are significant as they often indicate the intent of the adversary. Generally speaking, discreet subsets of adversaries will have differing intents. For example, the intent of organized crime groups engaged in cyber-attacks is typically financially motivated. Therefore, if an attack can be quantitatively identified as being intended to target financial data, such a measure may be utilized to conclude the nature of the adversary responsible, or at least narrow attribution to a subset of known adversaries. (3) Attack Targeting: methods for quantitatively observing the level of cyber-attack targeting will often provide valuable data regarding the nature of the cyber-attack and adversary. Many cyber-attacks are launched against broad sets of victims, while others are highly surgical in nature and target small groups of individuals or organizations in key positions consistent with the objectives of the adversary. Observation of attack targeting therefore provides key data that can augment other data regarding the objectives of a cyber-attack.”);
Rambo and Parker are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for performing threat detection and risk– index scoring.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Parker’s system into Rambo’s system, with a motivation to provide cyber-attack identification and to the profiling of cyber-attackers or adversaries (Parker, Col. 1, lines 13-14) in order to managing security risks to user devices within an enterprise (Rambo, Col. 1, lines 17-18).

As per claim 4, the combination of Rambo and Parker teaches the computer- implemented method of claim 1. Rambo further teaches wherein the privileged index for each of the plurality of network users is based on a level of network access rights associated with the network user (Rambo, Col. 5, lines 36-42; “Generating a user score (operation 205) also includes determining user characteristics (operation 248). User characteristics include, for example, one or more of the following: position of the user within the enterprise (e. g., C-level executive, middle manager, board member, etc.), level of seniority of the user within the enterprise, and access clearance of the user.” … Col. 9, line 66 to Col. 10, line 2; “generate a user score for each of a plurality of users within an enterprise, wherein the user score is generated based on a set of characteristics including: behavioral data, user device data, and user status data.”).

As per claim 6, the combination of Rambo and Parker teaches the computer- implemented method of claim 1. Rambo further teaches wherein the vulnerability index determined for each of the plurality of network users is based on the associated network user's performance on one or more security audits (Rambo, Col. 1, lines 30-34; “a computer-implemented method is disclosed. The method includes receiving a vulnerability, generating a user score for each of a plurality of users within an enterprise, and generating a threat score for the vulnerability…” … Col. 4, lines 54-59; “The person or persons receiving the vulnerability log the vulnerability in a database. When the vulnerability is automatically received, the vulnerability is automatically logged in a database. The database log may include data about the vulnerability, such as source, date received, devices or software affected, etc. Other data are possible…” … Col. 4, lines 63-67; “Generating a user score (operation 204) is shown in greater detail in FIG. 4 and includes determining behavior patterns (operation 242), determining access patterns (operation 244), and determining user characteristics (operation 248).”).

7, the combination of Rambo and Parker teaches the computer-implemented method of claim 1. Rambo further teaches wherein the vulnerability index determined for each of the plurality of network users is based on: a frequency of interaction with threat vectors, or detected vulnerabilities in user software (Rambo, Col. 1, lines 30-34; “a computer-implemented method is disclosed. The method includes receiving a vulnerability, generating a user score for each of a plurality of users within an enterprise, and generating a threat score for the vulnerability…” Col. 2, lines 42-44; “Security risks include vulnerabilities and weaknesses of, for example, operating systems, firmware, particular software applications, and the like.”).

As per claim 8, it is a system claim that recites limitations similar to those of claim 1, and therefore, it is rejected for the same rationale applied to claim 1. In addition, Rambo teaches one or more processors (Rambo, Col. 8, lines28-32; “the example computing device 801 includes at least one central processing unit (“CPU”) 802, a system memory 808, and a system bus 822 that couples the system memory 808 to the CPU 802.”);
a network interface coupled to the one or more processors (Rambo, Col. 9, lines 5- 8; “The example computing device 801 may connect to the network 103 through a network interface unit 804 connected to the system bus 822.”); and
a computer-readable medium coupled to the one or more processors, wherein the medium comprises instructions stored therein, which when executed by the processors, cause the processors to perform operations comprising (Rambo, Col. 1, lines 43-46; “… a computer-readable, non-transitory data storage memory comprising instructions. The instructions, when executed by a processing unit of an electronic computing device, cause the processing unit to: …”).

As per claim 11, the rejection of claim 8 is incorporated. In addition, it is a system claim that recites limitations to those of claim 4, and therefore it is rejected for the same rationale applied to claim 4.

As per claim 13, the rejection of claim 8 is incorporated. In addition, it is a system claim that recites limitations to those of claim 6, and therefore it is rejected for the same rationale applied to claim 6.

As per claim 14, the rejection of claim 8 is incorporated. In addition, it is a system claim that recites limitations to those of claim 7, and therefore it is rejected for the same rationale applied to claim 7.

As per claim 15, it is a non-transitory computer-readable storage medium claim that recites limitations similar to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1. In addition, Rambo teaches the non-transitory computer- readable storage medium comprising instructions stored therein, which when executed by one or more processors, cause the processors to perform operations (Rambo, Col. 1, lines 43-46; “… a computer-readable, non-transitory data storage memory comprising instructions. The instructions, when executed by a processing unit of an electronic computing device, cause the processing unit to: …”).

As per claim 18, the rejection of claim 15 is incorporated. In addition, it is a non- transitory computer-readable storage medium claim that recites limitations to those of claim 4, and therefore it is rejected for the same rationale applied to claim 4.

As per claim 20, the rejection of claim 15 is incorporated. In addition, it is a non-transitory computer-readable storage medium claim that recites limitations to those of claim 6, and therefore it is rejected for the same rationale applied to claim 6.

Claims 3, 5, 10, 12, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Rambo et al. (US 10,084,809) hereinafter Rambo in view of Parker (US 9,661,003) as applied to claim 1 above, and further in view of Voss et al. (US 2015/0381649) hereinafter Schultz.
As per claim 3, the combination of Rambo and Parker teaches the computer-implemented method of claim 1, wherein the threat score calculated for each of the one or more cyber-security attacks [is based on a threat type associated with the cyber-security attack]
However, the combination of Rambo and Parker does not expressly teaches:
 wherein the threat score … is based on a threat type associated with the cyber-security attack. 

wherein the threat score … is based on a threat type associated with the cyber-security attack (Voss, Col. 4, lines 10-13; “In an embodiment of the invention, a numerical value is established for one or more threats of attack on an information system asset of the entity.” … Col. 7, lines 60-61, “The present invention defines the different types of threats to the system …”). In addition, Rambo teaches the nature/type of the threat (Rambo, Col. 2, lines 49-50; “Depending on the nature and sophistication of the threat, the user devices may be vulnerable to malicious actors ….”).
Rambo, Parker and Voss are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for performing threat detection and risk– index scoring.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Voss system into Rambo-Parker system, with a motivation to provide assessing and quantifying the risk exposure of an information system or application using a quantitative risk assessment model (Voss, Col. 1, lines 17-19) in order to managing security risks to user devices within an enterprise (Rambo, Col. 1, lines 17-18).

As per claim 5, the combination of Rambo and Parker teaches the computer-implemented method of claim 1, wherein the privileged index for each of the plurality of network users [is based on one or more of: an ability to transfer funds, an ability to access employee data, or an ability to access intellectual property] 

wherein the privileged index … is based on one or more of: an ability to transfer funds, an ability to access employee data, or an ability to access intellectual property. 
But, Voss teaches:
wherein the privileged index … is based on one or more of: an ability to transfer funds, an ability to access employee data, or an ability to access intellectual property (Voss, Col. 8, lines 2-6; “A normal user may be able to access certain data from a computer, but if that person were to exploit a vulnerability, he or she might have additional control, for example, to see and/or delete other persons data that he or she would not otherwise have.”).
Rambo, Parker and Voss are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for performing threat detection and risk– index scoring.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Voss system into Rambo-Parker system, with a motivation to provide assessing and quantifying the risk exposure of an information system or application using a quantitative risk assessment model (Voss, Col. 1, lines 17-19) in order to managing security risks to user devices within an enterprise (Rambo, Col. 1, lines 17-18).

10, the rejection of claim 8 is incorporated. In addition, it is a system claim that recites limitations to those of claim 3, and therefore it is rejected for the same rationale applied to claim 3.

As per claim 12, the rejection of claim 8 is incorporated. In addition, it is a system claim that recites limitations to those of claim 5, and therefore it is rejected for the same rationale applied to claim 5.

As per claim 17, the rejection of claim 15 is incorporated. In addition, it is a non- transitory computer-readable storage medium claim that recites limitations to those of claim 3, and therefore it is rejected for the same rationale applied to claim 3.

As per claim 19, the rejection of claim 15 is incorporated. In addition, it is a non-transitory computer-readable storage medium claim that recites limitations to those of claim 5, and therefore it is rejected for the same rationale applied to claim 5.

Claims 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Rambo et al. (US 10,084,809) hereinafter Rambo in view of Parker (US 9,661,003) as applied to claim 1 above, and further in view of Schultz et al. (US 2015/0381649) hereinafter Schultz.
As per claim 21, the combination of Rambo and Parker teaches the computer-implemented method of claim 1, wherein the targetedness [is based on geographic specificity].

wherein the targetedness is based on geographic specificity.
But, Shultz teaches:
wherein the targetedness is based on geographic specificity (Shultz, Parag. [0038]; ““Threat agent”, in various embodiments, is a specific attacker with actors or a threat group category with category properties whose likelihood of attack varies on factors including, but not limited to, geography, industry segment, political preferences, government affiliation, and relation to financial events or activist causes. The threat agent can be used to normalize the likelihood of attack on the targeted organization based on its industry segment, location and relation to world or local events.”).
Rambo, Parker and Shultz are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for performing threat detection and risk– index scoring.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Shultz’s system into Rambo-Parker system, with a motivation to provide systems, apparatuses, and methods related to modeling risk as the probabilistic likelihood of loss, including financial loss, resulting from damage to a physical system, virtual system, data, and/or information assets in a computer network based on one or more cyber-attacks (Shultz, Parag. [0001]) and determining the likelihood of an attack taking into consideration various factors including geographic location (Shultz, Parag. [0038]).

22, the rejection of claim 8 is incorporated. In addition, it is a system claim that recites limitations to those of claim 21, and therefore it is rejected for the same rationale applied to claim 21.

As per claim 23, the rejection of claim 15 is incorporated. In addition, it is a non-transitory computer-readable storage medium claim that recites limitations to those of claim 21, and therefore it is rejected for the same rationale applied to claim 21.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Feng et al.; US 10,063,582: relates to a method may include ( a ) identifying a Positive Unlabeled (PU) machine learning classifier, (b) selecting labeled positive samples and unlabeled positive and negative samples as a bootstrap subset of training data from a set of training data, (c) training the PU machine learning classifier, (d) repeating (a)-(c) one or more times to create a set of trained PU machine learning classifiers, (e) predicting probabilities that a network device in a network has been compromised using each of the trained PU machine learning classifiers, (f) combining the probabilities predicted at (e) to generate a combined risk score for the network device, (g) repeating (e)-(f) one or more times to create a ranked list of combined risk scores, and (h) performing a security action on one or more of the network devices in the ranked list.
Roytman et al.; US 2015/0237065: relates to techniques for ranking a set of vulnerabilities of a computing asset and set of remediation for a computing asset, and determining a risk score for one or more computing assets are provided.
Deb et al.; US 2012/0203590: relates to a computer system assesses the overall risk for different technologies for an organization. Technologies may be evaluated by obtaining severity levels and environmental risk scores for the vulnerabilities associated with the technologies. Each severity level measures a possible risk level of a corresponding vulnerability, while each environmental risk score is based on the organization's environment. 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/A.D.C./Examiner, Art Unit 2498