DETAILED ACTION

The following is an Allowance in response to Applicant's response filed on 7/25/22.  Applicant has amended claim 1 and added claims 2-20.  Claims 1-20 are currently pending and have been allowed.

REASONS for ALLOWANCE

Claims 1-20 are allowed.
The claims are eligible subject matter because the claims are necessarily rooted in technology by using machine learning to determine security feature use cases which indicate a security use feature of a data source and where the maturity score model is a function of the data source coverage, the asset collection coverage, the security feature use case coverage and the criticality score of the active data sources.   The claims are allowable over the art in because of applicant’s 7/25/22 amendments and remarks, especially p. 11-12.   Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, yet insufficient, either singularly or in combination with one or more of the remaining prior art references of record to render the claimed invention anticipated or obvious. Furthermore, neither the below pertinent prior art, nature of the problem, nor knowledge of a person having ordinary skill in the art provides for any predictable or reasonable rationale to combine prior art teachings in attempt to render the claimed invention obvious:

A.  Conde-Berrocal (US 2020/0342374 A1), a method for effectively managing and displaying an Information Security Management System (ISMS), or Cybersecurity Framework, by an application executing on a computer device for computing and displaying real time dynamic metrics and market comparison for the user that includes authenticated and authorized Users to conduct security baselines based on industry accepted standards in order to establish a plurality of metric baselines dynamically and in real time and includes projects submitted to be measured against organizational goals and simulate the impact to the security baselines

B. Weith et al. (US 2017/0359220 A1), a method implemented through a distributed security system for determining and addressing risk of users, groups of users, locations, and/or companies include obtaining log data from the distributed security system; analyzing the log data to obtain a risk score for an entity associated with the distributed security system, wherein the entity comprises one of a user, a group of users, a location, and a company, and wherein the risk score is a weighted combination of pre-infection behavior, post-infection behavior, and suspicious behavior; performing one or more remedial actions for the entity; and subsequently obtaining updated log data and analyzing the updated log data to obtain an updated risk score to determine efficacy of the one or more remedial actions
 
C. DiMaggio et al. (US 2018/0018602 A1), a system for  determining maturity levels and risk scores associated with compliance activities and remediation activities of covered entities including  generating, by the system, a risk score representing an estimated impact of threat data, vulnerability data, or non-compliance data on a set of protected information data based on a comparison of a first value corresponding to a maturity level to one or more values corresponding to a threshold maturity level, wherein threshold maturity level is based at least in part on a set of risk criteria


The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

US 20120084288 A1
US 11244045 B2
CN 1714327 A 
Sifma "Insider Threat Best Practices" 




Any inquiry concerning this communication or earlier communications from the examiner should be directed to Sujay Koneru whose telephone number is 571-270-3409.  The examiner can normally be reached on Monday thru Friday, 9 to 5.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patricia Munson can be reached on (571) 270-5396.  The fax phone number for the organization where this application or proceeding is assigned is 571-270-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SUJAY KONERU/
Primary Examiner, Art Unit 3624