Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	This is in reply to an application filed on July 08, 2020.  

Priority
3.	17240058, filed 04/26/2021 is a continuation of 16889741, filed 06/01/2020, now U.S. Patent #10990916 16889741 is a continuation of 16537321, filed 08/09/2019 ,now U.S. Patent #10671957 16537321 is a continuation of 16244862, filed 01/10/2019 ,now U.S. Patent #10438155 16244862 is a continuation of 16019243, filed 06/26/2018 ,now U.S. Patent #10217071 16019243 is a continuation of 15663541, filed 07/28/2017 ,now U.S. Patent #10614401. Therefore, the effective filling date for the subject matter defined in the pending claims of this application is June 01, 2020.	

Information Disclosure Statement
4.	The information disclosure statements (IDS) submitted on 02/03/2022 has been considered. The submission complies with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto. 
Drawings
5.	The drawings filed on April 26, 2021 are accepted. 

Specification
6.	The specification filed on April 26, 2021 is also accepted.

Double Patenting
7.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees.  See In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent is shown to be commonly owned with this application.  See 37 CFR 1.130(b).
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer.  A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).


8.	Claims 1-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,990,916 B2 (hereinafter refereed as ‘916 Patent) Although the conflicting claims are not identical, they are not patentably distinct from each other.
The following is referring to the independent claim


[Symbol font/0xB7]  	As per independent claims 1, 4 and 20, 
		Independent claims 1, 4 and 20 of the instant application and claims 1, 4 and 20 of the ‘916 patent recite similar limitation. The above independent claims, namely claims 1, 4 and 20 of the instant/present application would have been obvious over independent claims 1, 4 and 20 of the ‘916 patent because each and every element of the above independent claims 1, 4 and 20 of the present application is anticipated by the corresponding independent claims 1, 4 and 20 of the ‘916 patent.

The following is referring to the dependent claims

[Symbol font/0xB7]  	Referring to dependent claims 2-3, 5-19,
Claims 2-5, 4-10 and 12-15 of the instant application is also anticipated by claim 2-5, 4-10 and 12-15 of the ‘916 patent since the corresponding claims further recite similar/same limitation of the same subject matter.
‘916 US Patent
Instant / current application No.17/240,058
1. An interactive tool for improving a cybersecurity risk level of a portfolio of companies, the interactive tool comprising: a memory; and one or more processors communicatively coupled to the memory, where the one or more processors are configured to: identify: at least one company that experienced a cybersecurity risk event during a certain time period; at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies, a degree of mutuality of the at least one attribute; determine a probability that another cybersecurity risk event will occur with respect to the portfolio of companies, where the probability depends on at least one of: the number of identified common attributes, and degrees of mutuality of the number of identified attributes; and generate, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies.
1. An interactive tool for improving cybersecurity of a portfolio of companies, the interactive tool comprising: a memory; and one or more processors communicatively coupled to the memory, where the one or more processors are configured to: identify: at least one company that experienced a cybersecurity risk event during a certain time period, at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies, and a degree of mutuality of the at least one attribute; and generate a cybersecurity risk multiplier for the portfolio of companies using at least one of: a number of the identified common attributes, and degrees of mutuality of the number of identified attributes to determine a cybersecurity risk level of the portfolio of companies.
2. The interactive tool of claim 1, where the one or more processors are further configured to execute at least one action to improve the refined cybersecurity risk level in response to a user selection, where the action comprises: an action to remove a company from the portfolio of companies; and an action to replace the removed company with a new company, where the new company was not previously included in the portfolio of companies
2. The interactive tool of claim 1, where the one or more processors are further configured to execute at least one action to improve the cybersecurity risk level in response to a user selection, where the action comprises: identifying a critical cybersecurity attribute and removing the identified critical cybersecurity attribute from the portfolio of companies.

3. The interactive tool of claim 1 where the refined cybersecurity risk level is expressed as a product of an initial cybersecurity risk level and the cybersecurity risk multiplier.  
3. The interactive tool of claim 1 where the cybersecurity risk level is expressed as a product of an initial cybersecurity risk level and the cybersecurity risk multiplier.
4. A method for improving a cybersecurity risk level of a portfolio of companies, the method comprising: identifying at least one company that experienced a cybersecurity risk event during a certain time period; identifying: at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies, and a degree of mutuality of the at least one attributes; determining a probability that another cybersecurity risk event will occur with respect to the portfolio of companies, where the probability depends on at least one of: the number of identified common attributes, and degrees of mutuality of the number of identified attributes; and generating, from the determined probability, a cybersecurity risk multiplier for the portfolio of companies.
4. A method for improving cybersecurity of a portfolio of companies, the method comprising: identifying: at least one company that experienced a cybersecurity risk event during a certain time period, at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies, and a degree of mutuality of the at least one attributes; and generating a cybersecurity risk multiplier for the portfolio of companies using at least one of: a number of the identified common attributes, and degrees of mutuality of the number of identified attributes to determine a cybersecurity risk level of the portfolio of companies.
5. (Currently Amended) The method of claim 4, further comprising: executing at least one action to improve the refined cybersecurity risk level in response to a user selection, where the one or more actions comprise: removing a company from the portfolio of companies; replacing the removed company with a new company, where the new company was not previously included in the portfolio of companies; and identifying a critical cybersecurity attribute and remove the identified critical cybersecurity attribute from the portfolio of companies.
5. The method of claim 4, further comprising: executing at least one action to improve the cybersecurity risk level in response to a user selection, where the one or more actions comprise: identifying a critical cybersecurity attribute and removing the identified critical cybersecurity attribute from the portfolio of companies.
6. The method of claim 4, where the generated cybersecurity risk level is expressed as a product of an initial cybersecurity risk level and the cybersecurity risk multiplier.
6. The method of claim 4, where the generated cybersecurity risk level is expressed as a product of an initial cybersecurity risk level and the cybersecurity risk multiplier.  
7. The method of claim 4, where the at least one identified company that experienced a cybersecurity risk event during the certain time period is in the portfolio of companies.
7. The method of claim 4, where the at least one identified company that experienced a cybersecurity risk event during the certain time period is in the portfolio of companies.
8. The method of claim 7, where the certain time period is historical.
8. The method of claim 7, where the certain time period is historical.  
9. The method of claim 4, where the at least one identified company that experienced a cybersecurity risk event during the certain time period is not in the portfolio of companies.
9. The method of claim 4, where the at least one identified company that experienced a cybersecurity risk event during the certain time period is not in the portfolio of companies.
10. The method of claim 9, where the certain time period is historical.
10. The method of claim 9, where the certain time period is historical.
11. The method of claim 6, where the initial cybersecurity risk level is generated, at least in part, from cybersecurity data relating to at least one company in the portfolio of companies during the certain time period.
11. The method of claim 6, where the initial cybersecurity risk level is generated, at least in part, from cybersecurity data relating to at least one company in the portfolio of companies during the certain time period.
12. The method of claim 6, where the initial cybersecurity risk level is generated, at least in part, by comparing attributes indicative of cybersecurity risk level of companies in the portfolio of companies to the attributes indicative of cybersecurity risk level of companies in another portfolio of companies comprising randomly selected companies.
12. The method of claim 6, where the initial cybersecurity risk level is generated, at least in part, by comparing attributes indicative of cybersecurity risk level of companies in the portfolio of companies to the attributes indicative of cybersecurity risk level of companies in another portfolio of companies comprising randomly selected companies.
13. The method of claim 4, where the identified common attributes are weighted according to their correlation with an incidence of a cybersecurity risk event, and the determined probability further depends on the weights of the identified common attributes.
13. The method of claim 4, where the identified common attributes are weighted according to their correlation with an incidence of a cybersecurity risk event, and the determined probability further depends on the weights of the identified common attributes.
14. The method of claim 4, where the identified common attributes comprise an internal attribute that is shared by companies in the portfolio of companies.
14. The method of claim 4, where the identified common attributes comprise an internal attribute that is shared by companies in the portfolio of companies.
15. The method of claim 14, where the internal attribute comprises one or more of vulnerable host, obsolete user agent, number of new malware events, open ports, slow patching cadence, and inadequate use of firewalls and inadequate use of intrusion detection system.
15. The method of claim 14, where the internal attribute comprises one or more of vulnerable host, obsolete user agent, number of new malware events, open ports, slow patching cadence, and inadequate use of firewalls and inadequate use of intrusion detection system.
16. The method of claim 4, where the identified common attributes comprise an external attribute that is shared by companies in the portfolio of companies and one or more companies not in the portfolio of companies.
16. The method of claim 4, where the identified common attributes comprise an external attribute that is shared by companies in the portfolio of companies and one or more companies not in the portfolio of companies.
17. The method of claim 16, where the external attribute comprises one or more of. inadequate use of social media accounts, lost or stolen passwords, and inadequate social network sentiment.
17. The method of claim 16, where the external attribute comprises one or more of. inadequate use of social media accounts, lost or stolen passwords, and inadequate social network sentiment.
18. The method of claim 4, where the identified common attributes comprises a first- degree common attribute, and where the first-degree common attribute comprises at least one vendor that is common to two or more companies in the portfolio of companies.
18. The method of claim 4, where the identified common attributes comprise a first- degree common attribute, and where the first-degree common attribute comprises at least one vendor that is common to two or more companies in the portfolio of companies.
19. The method of claim 4, where the identified common attributes comprises a second-degree common attribute, and where the second-degree common attribute comprises at least one vendor that is common to two or more vendors, where the two or more vendors are common to two or more companies in the portfolio of companies.
19. The method of claim 4, where the identified common attributes comprise a second-degree common attribute, and where the second-degree common attribute comprises at least one vendor that is common to two or more vendors, where the two or more vendors are common to two or more companies in the portfolio of companies.
20. A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations to improve a cybersecurity risk level of a portfolio of companies, the operations comprising: identifying: at least one company that experienced a cybersecurity risk event during a certain time period, at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies, and a degree of mutuality of the at least one attributes; and generating a cybersecurity risk multiplier for the portfolio of companies using at least one of: a number of the identified common attributes, and degrees of mutuality of the number of identified attributes, to determine a cybersecurity risk level of the portfolio of companies.
20. A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations to improve a cybersecurity risk level of a portfolio of companies, the operations comprising: identifying: at least one company that experienced a cybersecurity risk event during a certain time period, at least one attribute common to the at least one identified company that experienced the cybersecurity risk event and at least one company in the portfolio of companies, and a degree of mutuality of the at least one attributes; and generating a cybersecurity risk multiplier for the portfolio of companies using at least one of: a number of the identified common attributes, and degrees of mutuality of the number of identified attributes, to determine a cybersecurity risk level of the portfolio of companies.


Prior art
9.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
 Woods et al. (US 2018/0124114 A1) is generally directed to a method includes obtaining information defining a custom rule from a user. The custom rule is associated with a cyber-security risk. The custom rule identifies a type of cyber-security risk associated with the custom rule and information to be used to discover whether the cyber-security risk is present in one or more devices or systems of an industrial process control and automation system. The method also includes providing information associated with the custom rule for collection of information related to the custom rule from the one or more devices or systems. The method further includes analyzing the collected information related to the custom rule to identify at least one risk score associated with the one or more devices or systems and/or the industrial process control and automation system 1and sending the aggregated soft card data to the mobile device.

Foster et al. (US 2014/0337973 A1) is generally directed to an application risk management platform may support subscriptions to one or more cyber-security applications and/or features. Users of the risk management platform may include individuals and/or organizations seeking to increase insight into risks posed by social entities and to lessen susceptibility to fraud, user impersonation, negative social engineering, and other malicious behaviors. Social entities protected by the risk management platform may include, for example, individuals who have registered accounts valid subscriptions to a risk management platform offering, personnel associated with registered organizations, and/or organizations themselves. Individuals and organizations may be able to employ the risk management platform alongside other cyber security platforms. The risk management platform may, for example, work in conjunction with a subscribing organization's firewall to increase the overall cyber-security of the organization and associated individual.

 Hawthorn et al (US 2015/0229664 A1) is generally directed to managing security risks in computing networks, and more particularly relates to assessing security risks of users in a computing network. These security risks may be assessed based on a behavioral and/or technical profile of a user and 

Yampolskiy et al. (9,294,498 B1) is generally directed to corporate cybersecurity technology. More specifically, this disclosure relates to calculating an entity's cybersecurity risk and benchmarking the calculated risk.
Conclusion
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





A.G.
August 27, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434