Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-18 are pending.
EXAMINER’S AMENDMENT
	The application has been amended as follows: 
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with applicant y Mr. Christian Lee Basballe Sorensen,  on 05-04-2022.

	Claims are amended as follows:
	1. (Currently Amended) A computer-implemented method for mitigating cybersecurity performance gaps in an organization, comprising: 
	selecting a threat framework for formulating a threat detection strategy;
	determining adversary tactics that are used to circumvent the threat detection strategy related to the selected threat framework;	
mapping adversary tactics based on the determined adversary tactics to develop an updated threat detection strategy;
	performing cybersecurity threat detection tests based on the updated threat detection strategy to determine a threat assessment score;
	contextualizing the determined threat assessment score based on the selected threat framework;
	determining cybersecurity performance gaps based on the contextualized threat assessment score, wherein the cybersecurity performance gaps are determined by rationalizing the threat assessment score based on weights provided to one or more categories of cybersecurity threats;
	prioritizing the determined cybersecurity performance gaps based on the contextualized threat assessment score and one or more factors associated with the organization’s operational environment; 
	assessing security analysts of the organization by simulating one or more external threats and determining a cybersecurity process assessment score for the organization; and
	providing automated recommendations and alerts regarding the cybersecurity performance gaps and their effects on operational risks and business exposure of the organization, wherein the automated recommendations are provided based on the prioritized cybersecurity performance gaps and cybersecurity process assessment score. 

	5. (Currently amended) The computer-implemented method of claim 1, wherein contextualizing the determined threat assessment score comprises transforming the threat assessment score into data categories including alert, detect, and protect.
	7. (Canceled)
	8. (Canceled)
	9. (Currently Amended) The computer-implemented method of claim [[8]] 1, wherein the one or more factors associated with the organization’s operational environment that are used to prioritize the threat assessment score comprise at least one of weights provided to each sub-category of items in the selected threat framework, weights provided to the organization’s business verticals, rationalized threat assessment score, and cybersecurity process assessment score of the organization. 
	10. (Canceled)
	11. (Currently Amended) A system, comprising:
at least one processor; and
	at least one non-transitory computer readable storage medium storing instructions thereon that, when executed by the at least one processor, cause the system to:
	select a threat framework for formulating a threat detection strategy;
	determine adversary tactics that are used to circumvent the threat detection strategy related to the selected threat framework;	
	map adversary tactics based on the determined tactics to develop an updated threat detection strategy;
	perform a cybersecurity threat detection test based on the updated threat detection strategy to determine a threat assessment score;
	contextualize the determined threat assessment score based on the selected threat framework;
	determine cybersecurity performance gaps based on the contextualized threat assessment score, wherein the cybersecurity performance gaps are determined by rationalizing the threat assessment score based on weights provided to one or more categories of cybersecurity threats;
	prioritize the determined cybersecurity gaps based on the contextualized threat assessment score and one or more factors associated with the organization’s operational environment; 	assess security analysts of the organization by simulating one or more external threats and determining a cybersecurity process assessment score for the organization; and
	provide automated recommendations and alerts regarding the cybersecurity performances gaps and their effect on the operational risk and business exposure of the organization, wherein the automated recommendations are provided based on the prioritized cybersecurity performance gaps and cybersecurity process assessment score. 
	12. (Canceled)
	13. (Canceled)
	14. (Currently Amended) The system of claim [[13]] 11, wherein the one or more factors associated with the organization’s operational environment that are used to prioritize the threat assessment score comprise at least one of weights provided to each sub-category of items in the selected threat framework, weights provided to the organization’s business verticals, rationalized threat assessment score, and cybersecurity process assessment score of the organization. 
	15. (Currently Amended) A non-transitory computer readable medium storing instructions thereon that, when executed by at least one processor, cause a computer system to:
select a threat framework for formulating a threat detection strategy;
determine adversary tactics that are used to circumvent the threat detection strategy related to the selected threat framework;	
map adversary tactics based on the determined tactics to develop an updated threat detection strategy;
perform a cybersecurity threat detection test based on the updated threat detection strategy to determine a threat assessment score;
contextualize the determined threat assessment score based on the selected threat framework;
determine cybersecurity performance gaps based on the contextualized threat assessment score, wherein the cybersecurity performance gaps are determined by rationalizing the threat assessment score based on weights provided to one or more categories of cybersecurity threats;
prioritize the determined cybersecurity gaps based on the contextualized threat assessment score and one or more factors associated with the organization’s operational environment;
assess security analysts of the organization by simulating one or more external threats and determining a cybersecurity process assessment score for the organization; and
provide automated recommendations and alerts regarding the cyber security performance gaps and their effect on the operational risk and business exposure of the organization, wherein the automated recommendations are provided based on the prioritized cybersecurity performance gaps and cybersecurity process assessment score.

	16. (Canceled)
	17. (Canceled) 
	18. (Currently Amended) The non-transitory computer readable medium of claim [[17]] 15, wherein the one or more factors associated with the organization’s operational environment that are used to prioritize the threat assessment score comprise at least one of weights provided to each sub-category of items in the selected threat framework, weights provided to the organization’s business verticals, rationalized threat assessment score, and cybersecurity process assessment score of the organization. 


Allowable Subject Matter
	Claims 1-6, 9, 11, 14, 15 and 18 are allowed.
The following is an examiner’s statement of reasons for allowance:
The prior art Honig et al. (US Publication No.2019/0215328) of record discloses, a system and methods for detecting intrusions in the operation of a computer system comprises a detection model generator configured to request training data from data record, generate an intrusion detection model based on said training data, and to transmit the intrusion detection model to a data warehouse according to the predetermined data format. A detector is configured to receive a data record from a sensor and to determine whether said data record corresponds to an attack based on said intrusion detection model. The prior art Xie et al. (US Publication No.2018/0324218) of record discloses, systems and methods for monitoring compliance with security goals by a network . According to one embodiment, a topology of a network segment of a private network is discovered by a network security device associated with the private network. Security policies implemented by one or more network security devices that form part of the network segment are learned by the network security device. Compliance with a security goal associated with the network segment is then determined by the network security device. The prior art Lee et al. (US Publication No.2016/0226894) of record discloses, a method and system, capable of performing adaptive intrusion detection proactively coping with a new type of attack unknown to the system, the system including a data collector configured to collect host and network log information, an input data preprocessor configured to convert data acquired through the data collector into a feature vector, and an intelligence intrusion detection analyzer configured to perform an intrusion detection and a model update by using the extracted feature vector, and an intrusion detection learning model configured to detect an intrusion and learn classification of the type of attack based on training data. The prior art Baikalov et al. (US Patent No. 9,800,605) of record discloses, threat risks to an enterprise are detected and assessed by assembling singular threats identified using both direct and behavioral threat indicators into composite threats to create complex use cases across multiple domains, and to amplify risks along kill chains of known attacks for early detection. Composite threat risk scores are computed from risk scores of singular threats to exponentially increase with the number of events observed along the kill chain. Composite threats are combined with normalized values of static risk and inherent risk for an entity of the enterprise to produce an entity risk score representative of the overall risk to the entity.
However, prior arts taken singly or in combination, fail to anticipate or render the following limitation:
	“determining cybersecurity performance gaps based on the contextualized threat assessment score, wherein the cybersecurity performance gaps are determined by rationalizing the threat assessment score based on weights provided to one or more categories of cybersecurity threats; prioritizing the determined cybersecurity performance gaps based on the contextualized threat assessment score and one or more factors associated with the organization’s operational environment; assessing security analysts of the organization by simulating one or more external threats and determining a cybersecurity process assessment score for the organization; and providing automated recommendations and alerts regarding the cybersecurity performance gaps and their effects on operational risks and business exposure of the organization, wherein the automated recommendations are provided based on the prioritized cybersecurity performance gaps and cybersecurity process assessment score”, (as claimed in claim 1, 11 and 15).
Claims are allowed in light of the above claim limitations when in combination with the remaining claim limitations.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone numbers for the organization where this application or proceeding is assigned as (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/Primary Examiner, Art Unit 2437