Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendments
The amended claims 1, 4 – 7, 9 – 11, 13, 15, 16, 18 – 20 were considered under 35 USC 112, 101 and 103 for patentability over closest and analogous prior arts Chen et al (US 8392997), hereafter Chen and Liu (US 9661019), hereafter Li have been fully considered and are persuasive. Claim(s) 2, 3, 8, 12, 14 and 17 is/are cancelled.

Allowable Subject Matter
1.	Amended claims 1, 4 – 7, 9 – 11, 13, 15, 16, 18 – 20 are allowed in light of applicant’s arguments, approved examiner’s proposed amendments and in light of prior art(s) made of record. 

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  Authorization for this examiner’s amendment was given in an interview with Aseet Patel (attorney) for filed amended claims on 12-03-2021:
1.    (Currently Amended) A method for determining in real-time a likelihood of failure due to a multi-dimensional cybersecurity threat, the method comprising: automatically 
identifying, by the computer processor, a control type as one of mitigated and unmitigated, in each of a plurality of dimensions; 
generating, by the computer processor, in real-time a plurality of potential cybersecurity attack patterns and mitigated combinations against control mechanisms at each step of a cyber kill chain; 
using machine learning (ML) from prior test scripts to determine (i) current controls, (ii) missing controls, and (iii) recommended controls for [[a]] the plurality of dimensions, wherein the ML is trained with at least one location feature; using the ML and according to a specified threshold from the prior test scripts further comprises to determine a likelihood of success of the cybersecurity threat with a predictive analytics engine, wherein the predictive analytics engine executes in the real-time of the generating of the plurality of potential cybersecurity attack patterns; and automatically generating, by the computer processor, a graphical user interface comprising a cybersecurity attack tree showing a combination of at least a threat actor, attack pattern, and target in at least one stage of the cyber kill chain; and
wherein the cybersecurity attack tree shows a further combination of at least an attack vector, a mitigating control by dimension, target, and effect in the at last one stage of the cyber kill chain.


tangible computer memory storing computer-executable instructions that, when executed by the computer processor, cause the multi-dimensional cybersecurity threat modeling system to: automatically retrieve data from a system of record associated with a cybersecurity threat; assess a current control environment by applying a test script; identify a control type as one of mitigated and unmitigated, in each of a plurality of dimensions; generate in real-time a plurality of potential cybersecurity attack patterns and mitigated combinations against control mechanisms at each stage of a cyber kill chain; use machine learning (ML) from prior test scripts to determine at least one of: (i) current controls, (ii) missing controls, and (iii) recommended controls for a plurality of dimensions, wherein the ML is trained with at least one location feature; using the ML and according to a specified threshold from the prior test scripts further comprises to determine a likelihood of success of the cybersecurity threat with a predictive analytics engine, wherein the predictive analytics engine executes in the real-time of the generating of the plurality of potential cybersecurity attack patterns; and automatically generate a graphical user interface comprising a cybersecurity attack tree showing a combination of at least a
threat actor, attack pattern, and target in at least one stage of the cyber kill chain; and wherein the cybersecurity attack tree shows a further combination of at least an attack vector, a mitigating control by dimension, target, and effect in the at last one stage of the cyber kill chain.
 
18. (Currently Amended) A tangible, non-transitory computer readable medium storing computer-executable instructions that, when executed by a computer processor, cause a multidimensional cybersecurity threat modeling system to: 
in real-time a plurality of potential cybersecurity attack patterns and mitigated combinations against control mechanisms at each stage of a cyber kill chain; 
use machine learning (ML) from prior test scripts to determine at least one of: (i) current controls, (ii) missing controls, and (iii) recommended controls for a plurality of dimensions, wherein the ML is trained with at least one location feature; using the ML and according to a specified threshold from the prior test scripts further comprises to determine a likelihood of success of the cybersecurity threat with a predictive analytics engine, wherein the predictive analytics engine executes in the real-time of the generating of the plurality of potential cybersecurity attack patterns; automatically generate a graphical user interface comprising a cybersecurity attack tree showing a combination of at least a
threat actor, attack pattern, and target in at least one stage of the cyber kill chain; and wherein the cybersecurity attack tree shows a further combination of at least an attack vector, a mitigating control by dimension, target, and effect in the at last one stage of the cyber kill chain.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
As to the independent claim 1, the prior art of reference Chen teaches C32L45-47: a computer via crawling automatically receives data from one or more mass storage devices (C17L4-35) processes are automated using an automation tool; C1L48-50: analyzing security threats associated with software and computer vulnerabilities (C32L12-16:  via scripts) includes 

Further, a second prior art of record Li teaches C2L32-39: information layer agent on one or more nodes determines if an event is indicative of an imminent or current attack, determines if the event represents a known or unknown attack pattern and classify the attack, based on information associated with known attack patterns, including state-action mappings (Fig. 32) in various dimensions; C2L56-64: an attack tree model is constructed for the distributed system to construct a model of the progression (or likely progression) of an attack (C17L17-20) formulated attack path discovery algorithm is used to locate a set of paths to a victim node from which an attacker launches DoS attacks to overwhelm victim resources and (C4L28-29) discovering new attack patterns and building attack tree models and (C1L41-42) automatic responsive actions 

None of the other prior arts of record teach by themselves or in any combination, would have anticipated nor render obvious by combination the claimed invention of the present application at or before the time it was filed.  The prior arts of record fail to teach: plurality of communicatively coupled, networked assets of an organization threatened or attacked by a cybersecurity attack or other form of attack. Control mechanisms installed and established to protect against specific cybersecurity attacks and other infiltrations. Machine learning and predictive analytics are used to more appropriately match specific attacks and threats against specific control mechanisms, accounting for dimensionality of control mechanisms. The matching of attack patterns and control mechanisms may use test scripts that operate on data pulled from the organization's systems of record. A factor analysis of information risk (FAIR) performed and visual threat models may be automatically generated that show the mapping between a threat actor, attack type, control environment including dimensionality, the targeted system and the impact on the organization.

Therefore, independent claim 1 and their corresponding dependent claims are allowed in light of applicant’s arguments, approved examiner’s amendments and prior arts of record. The same amendments and reasoning are applicable to independent claim(s) 10 and 18 mutatis mutandis.  Claim(s) 2, 3, 8, 12, 14 and 17 is/are cancelled.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See form PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Badri -- Champakesan whose telephone number is (571)270-3867.  The examiner can normally be reached on M-F: 8:30am-5pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on 5712727624.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to 




/BADRINARAYANAN /Examiner, Art Unit 2496.