DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Allowable Subject Matter
Claims 1-7, 9-16, and 18-20 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:  
Regarding claims 1, 10, and 19 and their respective dependents, the art of record, either alone or in combination, fails to particularly disclose or suggest the concept of the claim limitation “receive data from a plurality of sources associated with an entity; cluster the data into security-related topics; determine, via one or more machine learning models, capability values of the entity for each of the security related topics, wherein the capability values correspond to capabilities of the entity with respect to the security related topics: determine, via the one or more machine learning models, maturity values of the entity for each of the security-related topics, respectively, wherein the maturity values correspond to a level of security of the entity with respect to the security-related topics, respectively; generate overall values based on the capability values and the maturity values; and generate and output recommendations to improve the determined maturity values.”
As to the art of record, the Heckman reference discloses the concept of a system for providing an integrated assessment of risk management and maturity for an organizational cybersecurity/privacy program. However, Heckman does not teach the claim limitation, in its entirety or in combination, of “receive data from a plurality of sources associated with an entity; cluster the data into security-related topics; determine, via one or more machine learning models, capability values of the entity for each of the security related topics, wherein the capability values correspond to capabilities of the entity with respect to the security related topics: determine, via the one or more machine learning models, maturity values of the entity for each of the security-related topics, respectively, wherein the maturity values correspond to a level of security of the entity with respect to the security-related topics, respectively; generate overall values based on the capability values and the maturity values; and generate and output recommendations to improve the determined maturity values.”
As to the art of record, the Gazit et al. reference discloses the concept of improving cybersecurity based on access capability exercise sufficiency. However, Gazit et al. does not teach the claim limitation, in its entirety or in combination, of “receive data from a plurality of sources associated with an entity; cluster the data into security-related topics; determine, via one or more machine learning models, capability values of the entity for each of the security related topics, wherein the capability values correspond to capabilities of the entity with respect to the security related topics: determine, via the one or more machine learning models, maturity values of the entity for each of the security-related topics, respectively, wherein the maturity values correspond to a level of security of the entity with respect to the security-related topics, respectively; generate overall values based on the capability values and the maturity values; and generate and output recommendations to improve the determined maturity values.”
As to the art of record, the Kumar et al. reference discloses the concept of deploying a security policy based on network topology and device capability. However, Kumar et al. does not teach the claim limitation, in its entirety or in combination, of “receive data from a plurality of sources associated with an entity; cluster the data into security-related topics; determine, via one or more machine learning models, capability values of the entity for each of the security related topics, wherein the capability values correspond to capabilities of the entity with respect to the security related topics: determine, via the one or more machine learning models, maturity values of the entity for each of the security-related topics, respectively, wherein the maturity values correspond to a level of security of the entity with respect to the security-related topics, respectively; generate overall values based on the capability values and the maturity values; and generate and output recommendations to improve the determined maturity values.”
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAI Y CHEN whose telephone number is (571)270-5679. The examiner can normally be reached 8:30 AM - 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Pendleton, can be reached on 571-272-7527. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CAI Y CHEN/ Primary Examiner, Art Unit 2425