DETAILED ACTION
In replay to applicant communication filed on October 28, 2020, claims 1-20 have been presented. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1-20 are pending.


Allowable Subject Matter
Claims 1-20 are allowed. The following is an examiner’s statement of reasons for allowance:
The primary reason for allowance of the independent claims are the combined limitations of collecting threat intelligence data, wherein the threat intelligence data comprises indicators of compromise (IoC), and wherein the IoCs comprise data related to cyberattack chains; determining a relevance of the IoCs for the device; measuring a utilization of security measures in terms of their detection of the IoCs and their respective responses to the IoCs; measuring a resource consumption of the security measures; and determining a benefit value for the security measures, wherein the benefit value is based at least in part on the utilization and on the relevance of the IoCs detected with the security measure.

The prior art disclosed by Douglas (US 10,009,370) is found as the closest prior art to the claimed features of the invention. Douglas discloses the system and method for detecting and remediating of potential malicious files by decoding the file and processes the identified code stream to determine the presence of indicators of compromise. However, the cited art fail to teach the limitations disclosed above. The dependent claims are allowed as per dependency nature of the allowed independent claims. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/TESHOME HAILU/Primary Examiner, Art Unit 2434