Notice of Pre-AIA  or AIA  Status
Claims 1-22 are presented for examination.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 7/13/20, 11/13/20, 3/19/21, 9/10/21, and 3/21/22 have all been considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-22 are rejected under 35 U.S.C. 102(a)(1) and 35 U.S.C. 102(a)(2) as being anticipated by Ganor (U.S. Patent Publication 2018/0375892).

Regarding claim 1:
	Ganor discloses a system for processing cyber-risk in real time, comprising: a profiling component configured to determine at least one baseline of a user, said at least one baseline of a user comprising at least one control (paragraphs 0068-0070, 0080­0085, & 0095 - "cyber risk management and security policy and procedures logic 320 may store policy information, such as whether particular user devices 110 are permitted to access company private information/databases, access external networks, etc. Security policy and procedures logic 320 may also store policy information with respect to user behavior in an enterprise network, such as whether users are permitted to download and execute files attached to email, execute files downloaded from websites located externally from the enterprise, receive unsolicited correspondence from individuals outside the company, etc."; "a CISO, business owner or C-level executive may be able to obtain a quick overview of threat status in an enterprise as compared to a benchmark/general industry threat level"); an analytic component configured to generate at least one threat framework (Ibid: "Security policy and procedures logic 320 may also store information identifying particular industry security standards with which the enterprise complies. Security policy and procedures logic 320 may be used by other logic or modules illustrated in FIG. 3 to determine whether enterprise procedures for an enterprise/company are being complied with. For example, cyber risk management and strategic planning logic 330 and/or machine learning and profiling logic 380 may use information stored in security policy and procedures logic 320 to generate asset risk exposure and threat exposure measures"; "System 130 may identify various threats"; "Each threat scenario may then be measured on a scale of 0 to 100"); an evaluation component configured to apply said at least one threat framework to said at least one baseline for the determination of at least one identified threat (Ibid: "Cyber risk management and strategic planning logic 330 (also referring to herein as cyber risk management logic 330 and/or strategic planning logic 330) may include logic to identify an enterprise's strategy with respect to calculating risks and managing security, including mitigating cyber attacks, following particular security standards, etc."; "Each threat scenario may then be measured on a scale of Oto 100 (or 1 to 5) with respect to its "bad" impact on Confidentiality, Integrity and Availability of enterprise assets, with a score of 0 corresponding to no/very little impact and a score of 100 corresponding to the highest impact. As an example, a Ransomware attack may have a score of 0 with respect to Confidentiality, a score of 0 with respect to Integrity and a score of 100 with respect to Availability, since if successful, a Ransomware attack may block the enterprise's access to its own assets"); said evaluation component further configured to determine at least one theoretical control according to said at least one identified threat; said evaluation component further configured to determine at least one implementation priority according to said at least one theoretical control (Ibid: "cyber risk management and strategic planning logic 330 may interface with machine learning and profiling logic 380 to enable an enterprise to align its cyber work plans and security investments to the desired critical business assets' risk exposure, compare an enterprise's risk exposure to industry peers and competitors, evaluate threat levels across an enterprise, view ongoing, real-time cyber security risk status, recommend and prioritize courses of actions (e.g., work plans, mitigations, budgets), govern compliance activities and regulation controls, manage day-to-day CISO tasks and responsibilities, including incident follow-up, awareness programs, security controls, policies and procedures, etc."; "System 130 may also assign each asset a level of "criticality" in terms of Confidentiality, Integrity and Availability"); a documentation component configured to record data (paragraphs 0071-0072, & 0092-0093: "Audit and security controls logic 340 may verify that the appropriate security team has complied with the policy specifying no remote access and has properly documented that all devices for the enterprise have been checked to ensure compliance"); an implementation component configured to implement at least one remedial control according to said at least one theoretical control and said at least one implementation priority (paragraphs 0022-0024, 0068-0070, & 0080-0085: "risk exposure may be defined as a percentage value ranging from 0-100 percent, with zero percent corresponding to no risk or extremely low risk and 100 percent corresponding to a very high risk. In other implementations, the risk exposure may be defined in relative terms, such as very low, low, medium, high, very high, etc. In implementations described herein, the system may provide recommendations to mitigate the threats via a GUI and/or automatically initiate measures to mitigate the threat, such as automatically re-deploy network security equipment, deploy new security equipment (e.g., a firewall), send alerts/communications to the appropriate personnel, quarantine or block access to enterprise assets from all or particular user devices 110, etc."; "recommend and prioritize courses of actions (e.g., work plans, mitigations, budgets)"; "Cyber risk management and strategic planning logic 330 may process each of the selected threats (e.g., 10-20 identified threats) in this manner and generate a score for each threat"); a validation component configured to validate said at least one remedial control (paragraphs 0020, 0071-0072, & 0092-0093: "determine whether security policies/operations are being complied with, validate company compliance with regulations"; "conduct audits and assessments and/or determine whether audits/assessments are being performed on a regular basis, perform and/or verify resource planning and prioritizing security tasks/activities, perform and/or verify security risk management procedures, administer and/or verify employee awareness programs are being followed, verify and/or audit security budgets, conduct and verify that security controls are being followed, provide access to a real-time cyber security user interface/dashboard, etc."); and a monitoring component configured to monitor and audit the user's cybersecurity architecture (Ibid, and also paragraph 0112: "audit and security controls logic 340 and security operations logic 350 may monitor the enterprise's security in real-time based on the stored security policies/procedure"; "a comprehensive, flexible, data driven platform that enables smart cyber decisions, real-time monitoring and analysis of enterprise security").

Regarding claim 2:	Ganor further discloses wherein said at least one implementation priority is determined according to the criticality of said at least one theoretical control (paragraphs 0068-0072, & 0080-0085).

Regarding claim 3:	Ganor further discloses wherein said at least one implementation priority is determined according to the volatility of said at least one theoretical control (Ibid).

Regarding claim 4:	Ganor further discloses wherein said profiling component is configured to determine said at least one baseline of a user according to at least one data feed (paragraphs 0015, 0065-0070, 0080-0085, & 0095).

Regarding claim 5:	Ganor further discloses wherein said at least one threat framework is determined according to an analytic routine (paragraphs 0068-0070, 0075, & 0080-0085).

Regarding claim 6:	Ganor further discloses wherein said at least one identified threat is determined according to at least one appraisal routine (Ibid).

Regarding claim 7:	Ganor further discloses wherein said implementation component further comprises a notification component configured to notify the user of said at least one remedial control (paragraphs 0024, 0071-0072, 0077, 0092-0093).

Regarding claim 8:	Ganor further discloses wherein said implementation component is configured to automatically implement said at least one remedial control (paragraphs 0020-0024, & 0092-0093).
Regarding claim 9:
Ganor discloses a system for processing cyber-risk in real time, the system comprising: a profiling component configured to determine at least one baseline of a user according to at least one data feed, said at least one baseline of a user comprising at least one control (paragraphs 0068-0070, 0080-0085, & 0095); an analytic component configured to generate at least one threat framework according to a plurality of considered variables (Ibid); an evaluation component configured to apply said at least one threat framework to said at least one baseline for the determination of at least one identified threat (Ibid); said evaluation component further configured to determine at least one theoretical control according to said at least one identified threat (Ibid); said evaluation component further configured to determine at least one implementation priority according to said at least one theoretical control (Ibid); a documentation component configured to record data (paragraphs 0071-0072, & 0092-0093); an implementation component configured to implement at least one remedial control according to said at least one theoretical control and said at least one implementation priority (paragraphs 0022-0024, 0068-0070, & 0080-0085); said implementation component further comprising a notification component, said notification component configured to notify the user of said at least one remedial control (paragraphs 0024, 0071-0072, 0077, & 0092-0093); a validation component configured to validate said at least one remedial control (Ibid, and paragraph 0020); and a monitoring component configured to monitor and audit the user's cybersecurity architecture (Ibid, and paragraph 0112).

Regarding claim 10:	Ganor further discloses wherein said at least one threat framework is determined according to an analytic routine (paragraphs 0068-0070, 0075, & 0080-0085).

Regarding claim 11:	Ganor further discloses wherein said at least one identified threat is determined according to at least one appraisal routine (Ibid).

Regarding claim 12:	Ganor further discloses wherein said at least one implantation priority is determined according to the criticality of said at least one theoretical control (paragraphs 0024, 0068-0072, & 0080-0085).

Regarding claim 13:	Ganor further discloses wherein said at least one implementation priority is determined according to the volatility of said at least one theoretical control (Ibid).

Regarding claim 14:	Ganor further discloses a machine learning component disposed in connection with at least one data warehouse, said machine learning component configured to be trained according to the user's inputs (paragraphs 0058, 0068-0070, & 0074-0075).

Regarding claim 15:	Ganor further discloses wherein said at least one threat framework is alterable by the user (paragraphs 0020-0024 & 0080-0085).

Regarding claim 16:	Ganor further discloses wherein said notification component is disposed in input-output relation with a graphic user interface (paragraphs 0020-0024, 0061-0062, & 0092; see also Figures 4A & 4B).

Regarding claim 17:	Ganor further discloses wherein said notification is configured to obtain authorization from the user prior to the implementation of said at least one remedial control (paragraphs 0015, 0061, 0070, 0101, and 0115).

Regarding claim 18:
Ganor discloses a method for processing cyber-risk in real time, the method comprising performance by at least one processor, in connection with a memory, including: profiling a user's cybersecurity architecture for the determination of least one baseline according to at least one data feed (paragraphs 0068-0070, 0080-0085, & 0095); analyzing the at least one baseline for the determination of at least one threat framework, the at least one threat framework comprising at least one considered variable (Ibid); evaluating the at least one baseline and the least one threat framework for the determination of at least one identified threat (Ibid); determining, from the at least one identified threat, at least one theoretical control and at least one implementation priority therefrom (Ibid); documenting data pertinent to the at least one identified threat, the at least one theoretical control, and the at least one implementation priority (paragraphs 0068-0072, 0080-0085, & 0092-0093); implementing at least one remedial control according to the at least one implementation priority (Ibid, and also paragraphs 0020-0024); validating the at least one remedial control (Ibid); and monitoring and auditing the user's cybersecurity architecture (Ibid, and also paragraph 0112).

Regarding claim 19:	Ganor further discloses notifying the user of the implementation of the at least one remedial control (paragraphs 0024, 0071-0072, & 0092-0093).

Regarding claim 20:	Ganor further discloses rejecting the implementation of the at least one remedial control by the user (paragraphs 0017, 0024, & 0087-0090).

Regarding claim 21:	Ganor further discloses determining the at least one identified threat according to an appraisal routine (paragraphs 0068-0070, 0075, & 0080-0085).

Regarding claim 22:	Ganor further discloses determining the at least one threat framework according to an analytic routine (Ibid).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: U.S. Patent Publications 2020/0162497 (Iyer) and 2019/0207968 (Heckman).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/Examiner, Art Unit 2435                                                                                                                                                                                                        8/12/2022