DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1-21 are presented for examination.

Priority
The claim for priority from US Provisional 62/873,530 filed on 12 July 2019 is duly noted.

Drawings
The drawings are objected to because in Figure 2, “236” should read –235–.  
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 8, and 15 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Lee et al. (US 2019/0052663 A1 and Lee hereinafter).
As to claims 1 and 8, Lee discloses a system and method for enhancing network security, the system and method having:
receiving, from an agile security platform, analytical attack graph (AAG) data representative of one or more AAGs, each AAG representing one or more lateral paths within an enterprise network for reaching a target asset from one or more assets within the enterprise network (0008, lines 5-13; 0011, lines 1-5; 0012, lines 1-6); 
determining, for each instance of a plurality of instances of the AAG, a graph value representing a measure of hackability of the enterprise network at respective times (0012, lines 1-6; 0085-0090); 
providing a profile of the enterprise network based on a set of graph values determined for instances of the AAG, the profile representing changes in graph values over time (0058, lines 1-8); 
determining an effectiveness of one or more security controls based on the profile (0087; 0089; 0093-0098); 
selectively executing one or more remedial actions in response to the effectiveness (0092, lines 1-4; 0098, lines 1-6).

As to claim 15, Lee discloses:
one or more processors (0170, lines 9-12); 
a computer-readable storage device coupled to the one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations for security of enterprise networks (0170, lines 9-16), the operations comprising: 
receiving, from an agile security platform, analytical attack graph (AAG) data representative of one or more AAGs, each AAG representing one or more lateral paths within an enterprise network for reaching a target asset from one or more assets within the enterprise network (0008, lines 5-13; 0011, lines 1-5; 0012, lines 1-6); 
determining, for each instance of a plurality of instances of the AAG, a graph value representing a measure of hackability of the enterprise network at respective times (0012, lines 1-6; 0085-0090); 
providing a profile of the enterprise network based on a set of graph values determined for instances of the AAG, the profile representing changes in graph values over time (0058, lines 1-8); 
determining an effectiveness of one or more security controls based on the profile (0087; 0089; 0093-0098); 
selectively executing one or more remedial actions in response to the effectiveness (0092, lines 1-4; 0098, lines 1-6).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 5, 12, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee as applied to claims 1, 8, and 15 above, and further in view of Jin et al. (WO 2020/242275 A1 and Jin hereinafter).
As to claims 5, 12, and 19, Lee fails to specifically disclose:
wherein the one or more remedial actions comprise one or more of rolling back at least one security control of the one or more security controls, and implementing at least one additional security control.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Lee, as taught by Jin.
Jin discloses a system and method for root cause analysis and automation using machine learning, the system and method having:
wherein the one or more remedial actions comprise one or more of rolling back at least one security control of the one or more security controls, and implementing at least one additional security control (118, lines 3-8; 119, lines 1-4).
Given the teaching of Jin, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Lee with the teachings of Jin by remedial actions of rolling back a control and implementing a control. Jin recites motivation by disclosing that remedial actions include performing necessary actions including corrective actions in order to restore the network to its normal functioning state (118, 119). It is obvious that the teachings of Jin would have improved the teachings of Lee by rolling back and implementing security controls in order to restore the network to its normal functioning state.

Claim(s) 7, 14, and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee as applied to claims 1, 8, and 15 above, and further in view of Naghmouchi et al. (WO 2018/002484 A1 and Naghmouchi hereinafter).
As to claims 7, 14, and 21, Lee fails to specifically disclose:
wherein the one or more security controls comprise one or more security controls provided in ISO/IEC 27001.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Lee, as taught by Naghmouchi.
Naghmouchi discloses a system and method for monitoring the security of an information system, the system and method having:
wherein the one or more security controls comprise one or more security controls provided in ISO/IEC 27001 (page 2, lines 22-29).
Given the teaching of Naghmouchi, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Lee with the teachings of Naghmouchi by using a ISO/IEC 27001 control. Naghmouchi recites motivation by disclosing that using the ISO/IEC 27001 standard provides for the management of security while managing cost (page 2, lines 22-32). It is obvious that the teachings of Naghmouchi would have improved the teachings of Lee by using ISO/IEC 27001 controls in order to manage security in a cost efficiently.

Allowable Subject Matter
Claims 2-4, 6, 9-11, 13, 16-18, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Abraham et al. (“A Predictive Framework for Cyber Security Analytics Using Attack Graphs”) discloses a system and method for a stochastic security framework for obtaining quantitative measures of security accounting for dynamic attributes associated with vulnerabilities.
Digiambattista et al. (US 2019/0230129 A1) discloses a system and method for monitoring and reporting enterprise level cybersecurity remediation.
Engelberg et al. (US 2021/0409439 A1) discloses a system and method for executing enterprise process abstraction using process aware analytical attack graphs.
Grabois et al. (US 2020/0177615 A1) discloses a system and method for leveraging attack graphs of agile security platform.
Hadar et al. (US 2020/0177616 A1) discloses a system and method for generating attack graphs in agile security platforms.
Hadar et al. (US 2020/0177617 A1) discloses a system and method for generating attack graphs in agile security platforms.
Hadar et al. (US 2020/0177619 A1) discloses a system and method for generating attack graphs in agile security platforms.
Hadar et al. (US 2021/0273978 A1) discloses a system and method for cyber digital twin simulator for security controls requirements.
Harry et al. (US 2020/0272972 A1) discloses a system and method for assessing, measuring, managing, and/or optimizing cyber risk.
Hassanzadeh et al. (US 2022/0131894 A1) discloses a system and method for process risk calculation based on hardness of attack paths.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/SARAH SU/Primary Examiner, Art Unit 2431