Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
	Claims 1-20 are pending.
Information Disclosure Statement PTO-1449
	The Information Disclosure Statement submitted by applicant on 08-27-2020 has been considered. Please see attached PTO-1449.
EXAMINER'S AMENDMENT
	The application has been amended as follows:
	An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
	Authorization for this examiner's amendment was given in a telephone interview with applicant's attorney Mr. Seongun M. Hong (Reg. No. 74,035), on 07-20-2022.
	Claims are amended as follows:

1.	(Currently Amended) A system for identifying and remediating data exfiltration paths, the system comprising:
	a memory with computer-readable program code stored thereon;
	a communication device; and
	a processing circuitry operatively coupled to the memory and the communication device, wherein the processing circuitry is configured to execute the computer-readable program code to:
identify one or more sets of target data for exfiltration;
generate a map of exfiltration pathways for each of the one or more sets of target data;
identify one or more implemented data security controls and one or more unimplemented data security controls for each exfiltration pathway in the map of exfiltration pathways;
generate a prioritization scheme based on the map of exfiltration pathways, wherein generating the prioritization scheme comprises generating an exfiltration score for each exfiltration pathway, wherein the exfiltration score is based on the one or more implemented data security controls, the one or more unimplemented data security controls, and an exfiltration frequency, wherein the exfiltration frequency comprises a number of times exfiltration was attempted and a number of times exfiltration succeeded; and
display to a user one or more recommendations based on the prioritization scheme.

2.	(Canceled)

3.	(Currently Amended) The system according to claim [[2]] 1, wherein displaying the one or more recommendations comprises:
determining that implementing the one or more unimplemented data security controls would increase the exfiltration score for an exfiltration pathway; and
providing a recommendation to implement the one or more unimplemented data security controls. 

8.	(Currently Amended) A computer program product for identifying and remediating data exfiltration paths, the computer program product comprising at least one non-transitory computer readable medium having computer-readable program code portions embodied therein, the computer-readable program code portions comprising executable code portions for:
identifying one or more sets of target data for exfiltration;
generating a map of exfiltration pathways for each of the one or more sets of target data;
identifying one or more implemented data security controls and one or more unimplemented data security controls for each exfiltration pathway in the map of exfiltration pathways;
generating a prioritization scheme based on the map of exfiltration pathways, wherein generating the prioritization scheme comprises generating an exfiltration score for each exfiltration pathway, wherein the exfiltration score is based on the one or more implemented data security controls, the one or more unimplemented data security controls, and an exfiltration frequency, wherein the exfiltration frequency comprises a number of times exfiltration was attempted and a number of times exfiltration succeeded; and
displaying to a user one or more recommendations based on the prioritization scheme.

9.	(Canceled)

10.	(Currently Amended) The computer program product according to claim [[9]] 8, wherein displaying the one or more recommendations comprises:
determining that implementing the one or more unimplemented data security controls would increase the exfiltration score for an exfiltration pathway; and
providing a recommendation to implement the one or more unimplemented data security controls. 

14.	(Currently Amended) A computer-implemented method for identifying and remediating data exfiltration paths, wherein the computer-implemented method comprises:
identifying one or more sets of target data for exfiltration;
generating a map of exfiltration pathways for each of the one or more sets of target data;
identifying one or more implemented data security controls and one or more unimplemented data security controls for each exfiltration pathway in the map of exfiltration pathways;
generating a prioritization scheme based on the map of exfiltration pathways, wherein generating the prioritization scheme comprises generating an exfiltration score for each exfiltration pathway, wherein the exfiltration score is based on the one or more implemented data security controls, the one or more unimplemented data security controls, and an exfiltration frequency, wherein the exfiltration frequency comprises a number of times exfiltration was attempted and a number of times exfiltration succeeded; and
displaying to a user one or more recommendations based on the prioritization scheme.

15.	(Canceled)

16.	(Currently Amended) The computer-implemented method according to claim [[15]] 14, wherein displaying the one or more recommendations comprises:
determining that implementing the one or more unimplemented data security controls would increase the exfiltration score for an exfiltration pathway; and
providing a recommendation to implement the one or more unimplemented data security controls. 
Allowable Subject Matter
	Claims 1, 3-8, 10-14 and 16-20 are allowed.
	The following is an examiner's statement of reasons for allowance:
	The prior art Dani et al. (US Publication No. 2021/0021629) of record discloses, methods and systems for generating an attack path based on user and system risk profiles are presented. The method comprises determining user information associated with a computing device; determining system exploitability information of the computing device; determining system criticality information of the computing device; determining a risk profile for the computing device based on the user information, the system exploitability information, and the system criticality information; and generating an attack path based on the risk profile. The attack path indicates a route through which an attacker accesses the computing device.
	The prior art Kruse et al. (US Publication No. 2021/0105294) of record discloses, a method and a system for assessing potential cybersecurity threats to a subject system include receiving a subject system to analyze, determining a potential hazard event associated with the subject system, generating an attack graph associated with the potential hazard event, wherein the attack graph includes a plurality of actions, determining an exploitability score for each of the plurality of actions, determining an uncertainty level for each of the plurality of actions based on the corresponding exploitability score, aggregating the plurality of actions including the corresponding exploitability scores and the corresponding uncertainty levels to determine one or more vulnerabilities of the subject system, and generating a response to the one or more vulnerabilities of the subject system.
	The prior art Attar et al. (US Publication No. 2021/0288995) of record discloses, a method for refining a network attack graph comprising the steps of constructing a network attack graph that relates to potential exploitation of network vulnerabilities, determining a score for each one of said detected vulnerabilities and determining a score related to the importance level of every device in the network wherein the aforementioned scores determination provides for a database used for the removal of cycles from the network attack graph.
	The prior art Hassanzadeh et al. (US Publication No. 2020/0177618) of record discloses, Implementations of the present disclosure include providing a state graph representative of a set of action states within a network, each action state representing an attack that can be performed by an adversary within the network, determining a path stealthiness value for each attack path of a set of attack paths within the network, determining a path hardness value for each attack path of the set of attack paths within the network, and selectively generating one or more alerts based on one or more of path stealthiness values and path hardness values.
	The prior art Sharifi Mehr et al. (US Patent No. 10,521,584) of record discloses, a system acquires diagnostic information from event logs, trace files, and other diagnostic sources to reduce a set of event records. The event records are arranged in a graph based on correlations between individual event records. The system analyzes the graph to identify anomalies such as data exfiltration anomalies, system compromises, or security events. In some implementations, the system deploys decoy resources within a customer computing environment. Interactions with the decoy resources are captured as event records and added to the graph.
	However, prior arts taken singly or in combination, fail to anticipate or render the following limitation: identify one or more implemented data security controls and one or more unimplemented data security controls for each exfiltration pathway in the map of exfiltration pathways; generate a prioritization scheme based on the map of exfiltration pathways, wherein generating the prioritization scheme comprises generating an exfiltration score for each exfiltration pathway, wherein the exfiltration score is based on the one or more implemented data security controls, the one or more unimplemented data security controls, and an exfiltration frequency, wherein the exfiltration frequency comprises a number of times exfiltration was attempted and a number of times exfiltration succeeded (as claimed in claims 1, 8 and 14).
	Claims are allowed in view of the above claim limitations when in combination with remaining claim limitations.
	
	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/Primary Examiner, Art Unit 2437