Prosecution Insights
Last updated: April 18, 2026
Application No. 18/594,815

Optimizing Cyber Security Projects

Final Rejection §101§103§DP
Filed
Mar 04, 2024
Examiner
HOLZMACHER, DERICK J
Art Unit
3625
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
The Boston Consulting Group Inc.
OA Round
2 (Final)
44%
Grant Probability
Moderate
3-4
OA Rounds
3y 3m
To Grant
73%
With Interview

Examiner Intelligence

Grants 44% of resolved cases
44%
Career Allow Rate
120 granted / 270 resolved
-7.6% vs TC avg
Strong +28% interview lift
Without
With
+28.4%
Interview Lift
resolved cases with interview
Typical timeline
3y 3m
Avg Prosecution
33 currently pending
Career history
303
Total Applications
across all art units

Statute-Specific Performance

§101
42.6%
+2.6% vs TC avg
§103
28.9%
-11.1% vs TC avg
§102
6.0%
-34.0% vs TC avg
§112
16.1%
-23.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 270 resolved cases

Office Action

§101 §103 §DP
DETAILED ACTION 1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The following FINAL office action is in response to Applicant communication filed on 12/02/2025 regarding application 18/594,815. Independent Claim 1 has been amended. Claims 2-20 have been added as new claims. Claims 1-20 have been rejected. Response to Amendments 2. Applicant’s amendment filed on 12/02/2025 necessitated new grounds of rejection in this office action. Priority 3. The Examiner has noted the Applicants claiming from Continuation (CON) Application # 17/540,756 filed on 07/19/2019 and Continuation in Part (CIP) Application # 18/594,815 filed on 12/02/2021. Therefore, the earliest effective filing date examined for this application is of 07/19/2019. Examiner Note: Please note Examiner has considered the Specification amendments submitted regarding (1) the marked-up version Specification Disclosure provided by the Applicant on 12/02/2025 and (2) the clean version Specification Disclosure provided by the Applicant on 12/02/2025 and entered “OK to enter” with Examiner’s initials and date into the case file for each Specification Disclosure document. Response to Arguments 4. Applicant’s arguments, see page 8 of 13 filed on 12/02/2025, with respect to the previous Specification Disclosure Objections have been fully considered and are found to be persuasive. Therefore, the previous Specification Disclosure Objections have been withdrawn. 5. Applicant’s arguments, see page 8 of 13 filed on 12/02/2025, with respect to the previous Non-Statutory Double Patenting Rejections as being unpatentable over Claim 1 of U.S. Patent # (US 11,232,384 B1) have been fully considered and are found to be persuasive. Therefore, the previous Non-Statutory Double Patenting Rejections as being unpatentable over Claim 1 of U.S. Patent # (US 11,232,384 B1) have been withdrawn. 6. Applicant’s arguments, see pages 11-12 of 13, filed on 12/02/2025, with respect to the 35 U.S.C. § 102 (a) (1) Claim Rejections for Claim 1 have been fully considered and is found to be not persuasive. Therefore, Applicant’s arguments with respect to Claims 1-20 have been considered, but are moot in support of the new limitations added to the amendment to Independent Claims 1 and 11, which are believed to be fully addressed via the new grounds of rejection set forth under 35 U.S.C. § 103 below. Response to 35 U.S.C. § 101 Arguments 7. Applicant’s 35 U.S.C. § 101 arguments, filed with respect to Claims 1-20 have been fully considered, but they are found not persuasive (see Applicant Remarks, Pages 8-11 of 13 dated 12/02/2025). Examiner respectfully disagrees. Argument #1: (A). Applicant argues that Claims 1-20 do not recite an abstract idea, law of nature of natural phenomenon under revised step 2a prong one of the 35 U.S.C § 101 analysis (see Applicant Remarks, Page 9 of 13, dated 12/02/2025). Examiner respectfully disagrees. Specifically, Applicant argues that amended claim limitations of Independent Claims 1 and 11 recites specific technical processes that go beyond abstract mental processes. The limitation “calculating frequency and severity distributions for cybersecurity threats using a Loss Distribution Approach as recited requires specific mathematical computations using statistical methodologies that cannot be performed mentally or with pen and paper (see Applicant Remarks, Page 9 of 13, dated 12/02/2025). Examiner respectfully disagrees. In response to Applicant’s comments under step 2a prong one, Examiner points out that the claim limitations of Independent Claims 1 and 11 that the core abstract ideas of these claims recite managing business risk by using mathematical models to evaluate potential projects and optimize the selection of a project portfolio. It is fundamentally a risk assessment and resource allocation method implemented using mathematical techniques (such as Monte Carlo simulations and optimization algorithms) in the field of cybersecurity risk management. The claim limitations of Independent Claims 1 and 11 recite the steps of (e.g., “calculating frequency and severity distributions for cyber security threats using a loss distribution approach” & “performing Monte Carlo simulations to generate aggregate loss distributions” & “computing redundancy and synergy coefficients using weighted matrix calculations”) can be performed as “Mathematical Concepts” via (1) mathematical calculations or (2) mathematical relationships and additionally or alternatively as “Mental Processes” via (3) concepts performed in the human mind (including observations or evaluations or judgments) or (4) using pen and paper as a physical aid. With respect to the argument that amended Independent Claims 1 and 11 cannot be performed/executed by the human mind”, Examiner refers Applicant to MPEP § 2106.04 (a) (2) (III) (C): “Claims can recite a mental process even if they are claimed as being performed on a computer. The Supreme Court recognized this in Benson, determining that a mathematical algorithm for converting binary coded decimal to pure binary within a computer’s shift register was an abstract idea. The Court concluded that the algorithm could be performed purely mentally even though the claimed procedures "can be carried out in existing computers long in use, no new machinery being necessary." 409 U.S at 67, 175 USPQ at 675. See also Mortgage Grader, 811 F.3d at 1324, 117 USPQ2d at 1699 (concluding that concept of "anonymous loan shopping" recited in a computer system claim is an abstract idea because it could be "performed by humans without a computer").” “For instance, the Examiner has reviewed Applicant’s Specification and determined that the claimed invention is described as concepts that are performed in the human mind and applicant is merely claiming that concept performed 1) on a generic computer (e.g., see Applicant’s Specification ¶ [0059] & Fig. 5: “Computer 505 can include a processor 510 suitable for the execution of a computer program, and can include, by way of example, both general and special purpose microprocessors, and any one or more processor of any kind of digital computer”.) or 2) in a computer environment (e.g., see Applicant’s Specification ¶ [0057]: “A computer program (also known as a program, software, software application, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.”), or 3) is merely using a computer as a tool to perform these concepts.” Also, Examiner refers Applicant to MPEP § 2106.04 (a) III (B): “The use of a physical aid (e.g., pencil and paper or a slide rule) to help perform a mental step does not negate the mental nature of the limitation, but simply accounts for variations in memory capacity from one person to another. The use of "physical aids" in implementing the abstract mental process, does not preclude the claim from reciting an abstract idea. See MPEP § 2106.04(a) III C. Thus, Examiner maintains that Claims 1-20 still recite a mental process. Alternatively, with respect to “Mathematical Concepts” category, Examiner refers Applicant to MPEP § 2106.04 (a) (2) (I) (C): “A claim that recites a mathematical calculation, when the claim is given its broadest reasonable interpretation in light of the specification, will be considered as falling within the "mathematical concepts" grouping.” “It is important to note that a mathematical concept need not be expressed in mathematical symbols, because "[w]ords used in a claim operating on data to solve a problem can serve the same purpose as a formula." In re Grams, 888 F.2d 835, 837 and n.1, 12 USPQ2d 1824, 1826 and n.1 (Fed. Cir. 1989). See, e.g., SAP America, Inc. v. InvestPic, LLC, 898 F.3d 1161, 1163, 127 USPQ2d 1597, 1599 (Fed. Cir. 2018) (holding that claims to a ‘‘series of mathematical calculations based on selected information’’ are directed to abstract ideas); Digitech Image Techs., LLC v. Elecs. for Imaging, Inc., 758 F.3d 1344, 1350, 111 USPQ2d 1717, 1721 (Fed. Cir. 2014) (holding that claims to a ‘‘process of organizing information through mathematical correlations’’ are directed to an abstract idea).” Furthermore, see MPEP § 2106.05 (c): “For data, mere "manipulation of basic mathematical constructs [i.e.,] the paradigmatic ‘abstract idea,’" has not been deemed a transformation. CyberSource v. Retail Decisions, 654 F.3d 1366, 1372 n.2, 99 USPQ2d 1690, 1695 n.2 (Fed. Cir. 2011) (quoting In re Warmerdam, 33 F.3d 1354, 1355, 1360, 31 USPQ2d 1754, 1755, 1759 (Fed. Cir. 1994)).” Therefore, for example; in Independent Claims 1 and 11, the steps of (e.g., “calculating frequency and severity distributions for cyber security threats using a loss distribution approach” & “performing Monte Carlo simulations to generate aggregate loss distributions” & “computing redundancy and synergy coefficients using weighted matrix calculations”) can be performed as “Mathematical Concepts” via mathematical calculations or mathematical relationships. In conclusion, Examiner maintains that Claims 1-20 are directed to abstract ideas under “Mental Processes” or “Mathematical Concepts” or “Certain Methods of Organizing Human Activities” Groupings under 35 U.S.C. § 101 Step 2A Prong 1. Argument #2: (B). Applicant argues that Claims 1-20 recite additional elements that integrate the judicial exception into a practical application under revised step 2a prong two of the 35 U.S.C. § 101 analysis (see Applicant Remarks, Pages 9-10 of 13, dated 12/02/2025). Examiner respectfully disagrees. Specifically, Applicant argues that the “automatic configuration limitation” provides a practical application with real-world technological effects. The limitation “managing a configuration of an application based on the subset of cyber security related projects” as recited by amended claim 1 goes beyond merely identifying or organizing projects and actually implements technical changes to computer security infrastructure (see Applicant’s Remarks, last ¶ of Page 9 thru 1st ¶ of Page 10, dated 12/02/2025). Examiner respectfully disagrees. In response to Applicant’s arguments here for step 2a prong 2, Examiner points that despite the assertion of “real-world technological effects” of managing a configuration for a subset of cybersecurity related projects for Independent Claims 1 and 11, the following points below demonstrate the claims remain patent ineligible because they are “directed to” the recited abstract ideas”. First, recitation of a generic results rather than a technical solution, Under the court case of Recentive Analytics v. Fox (Fed. Cir. 2025), a claim does not integrate an abstract idea into a practical application if it merely recites a result (selecting and implementing a configuration) without describing the specific technical mechanism by which the computer or network is improved. Independent Claims 1 and 11 do not describe how the application is reconfigured – such as modifying specific code, ports or protocols, but instead describes the outcome of the earlier mathematical modeling (see MPEP § 2106.05 (h)). Secondly, “managing a configuration” is an “apply it” instruction that uses a generic computer to execute the choices derived from the abstract project selection (see MPEP § 2106.05 (f)). Merely implementing a business-level decision (which projects to fund/use) on a computer system does not transform the underlying organizational or mathematical method into a technical one. Because the claims do not reflect a technological improvement to the computer or network, but rather automate a complex financial and organizational risk-assessment process – the “automatic configuration” step is insufficient to render the claims patent eligible under 35 U.S.C. § 101 step 2a prong 2. Therefore, Examiner maintains that Claims 1-20 remain patent ineligible under 35 U.S.C. § 101 step 2a prong 2 as not reciting additional elements to integrate the judicial exception into a practical application. Argument #3: (C). Applicant argues that for Independent Claims 1 and 11 the claims do not recite a mantal process when they do not contain limitations that can practically be performed in the human mind for instance when the human mind is not equipped to perform the claim limitations under revised step 2a prong one of the 35 U.S.C. § 101 analysis (see Applicant Remarks, 1st thru 2nd ¶’s of Page 10 of 13, dated 12/02/2025). Examiner respectfully disagrees. Examiner notes that the argument that the claims escape the “mental process” category because the calculations (LDA, Monte Carlo, Weighted Matrices) are too complex for the human mind fails for several reasons. Mathematical Algorithms and Calculations: The applicant argues the "Loss Distribution Approach" and Monte Carlo simulations are complex. However, USPTO guidance states that mathematical concepts, including mathematical formulas, equations, and calculations, are considered abstract ideas. The core of these claims are performing statistical calculations (frequency and severity distributions) and running simulations, which are mathematical tools. "Mental Process" Rebuttal: The applicant argues these steps cannot be performed mentally. However, according to USPTO guidance, a claim limitation is not excluded from the "mental process" grouping simply because it is difficult for a human to perform. If the step is essentially a mental calculation or a "fundamental economic practice" (like risk assessment), it is considered abstract. The complexity of the math does not change its nature as a mathematical algorithm. Risk Management/Insurance Concept: The claimed subject matter—modeling cyber security threats to determine "aggregate loss distributions"—is fundamentally a financial or risk management activity, analogous to actuarial modeling for insurance. Risk assessment and mitigation are "certain methods of organizing human activity" that are considered abstract, regardless of whether they use computers. Goal of the Claim: The claim aims to achieve a business goal (predicting financial loss from cyber threats) rather than improve the functioning of a computer itself. Generic Use of Computer Technology: The Monte Carlo simulation, while requiring high computing power, is a well-known, conventional mathematical technique applied here to a specific field (cybersecurity). Using a computer to perform calculations faster than a human does not transform an abstract idea into patentable subject matter. The claim does not improve the computer's internal functioning (e.g., faster processing, better memory management). Outcome-Focused, Not Implementation-Focused: The claim describes what needs to be calculated (the result) rather than a specific, technical improvement in how to implement the computation in a way that solves a computer-technical problem. If the Claim Recites an Abstract Idea: Even if the claim recites a specific technical implementation (e.g., specific algorithms), it must integrate the abstract idea into a practical application to be patent-eligible. Lack of "Meaningful Limits": The recitation of "Monte Carlo simulations" and "Loss Distribution Approach" can be viewed as providing "generic computer components" to perform standard risk assessment. Without a specific, technical improvement that goes beyond just storing, analyzing, and displaying data based on an algorithm, the claim is directed to an abstract idea without a qualifying "inventive concept". Independent Claims 1 and 11 are directed to an abstract idea because it covers mathematical calculations and risk management techniques that can be performed (in theory) by humans, implemented using generic computer capabilities. Therefore, Claims 1-20 recite an abstract idea under “Certain Methods of Organizing Human Activities” or “Mathematical Concepts” or “Mental Processes” grouping and thus are maintained as patent ineligible. Argument #4: (D). Applicant argues that Independent Claims 1 and 11 for example contains an ordered combination that addresses a specific technical problem and provides technological improvements to computer security systems. The ordered combination of Loss Distribution Approach calculations, Monte Carlo simulations, weighted matrix computations, and evolutionary algorithm optimization as recited by amended claim 1 addresses the technical problem of optimally allocating limited computational security resources to maximize threat mitigation that integrate the judicial exception into a practical application under revised step 2a prong two of the 35 U.S.C. § 101 analysis (see Applicant Remarks, 3rd ¶ of Page 10 of 13, dated 12/02/2025). Examiner respectfully disagrees. The core of the claim—managing application configuration based on a subset of projects—is directed to the abstract idea of "collecting, organizing, and analyzing data" or a "method of organizing human activity." While the applicant argues the "human mind is not equipped" to perform the computations, the underlying concept of grouping, prioritizing, or selecting projects for configuration is a common administrative, business, or mental process. The claimed Loss Distribution Approach (LDA), Monte Carlo simulations, and weighted matrix computations are standard mathematical, economic, or risk-assessment algorithms. The Federal Circuit has frequently found that applying such algorithms to data, even in a specific field, is an abstract idea if the steps do not change the underlying technology. Misapplication of SRI Int'l v. Cisco Systems: While SRI found specialized network monitoring not abstract, the present claim appears closer to taking existing cyber security project data and rearranging it. This is more akin to the ineligible "method of reducing risk" in Alice, rather than creating new network infrastructure. Even if the claim is directed to an abstract idea, it fails to integrate that idea into a practical application. Merely using a computer system—even one designed to perform complex math—to implement an abstract idea does not transform it. The automatic configuration described is simply using a general-purpose computer to "implement" the mathematical results of the LDA/Monte Carlo simulation, which is not a specific improvement to the functionality of the computer itself. The steps of managing a configuration constitute "insignificant extra-solution activity" (often termed "data gathering" or "post-solution activity"). The claim identifies a subset of projects (analysis) and then executes a standard configuration change (action), which does not constitute a "technical improvement" to security infrastructure itself, but rather a management of that infrastructure. The claim, as worded, risks preempting all computer-aided implementations of using cyber security project data to adjust application settings. If the claim covers any system that uses weight-matrix computations to prioritize security, it covers an abstract mathematical concept, not a specific technological solution. The applicant must show that the claims solve a technical problem in a technical way. Merely automating a process (even a complex one) using generic computer components is not sufficient. The focus is on what the computer does to data, rather than how the computer is changed to do it. The claims are patent ineligible because the combination merely automates an abstract business-risk process and does not integrate the exceptions into a practical application. The assertion that the combination of Loss Distribution Approach calculations, Monte Carlo simulations, weighted matrix computations, and evolutionary algorithms provide a “technological improvement” is incorrect for the following reasons. First problem-solution mismatch (business vs. technical). While the argument claims to solve “optimally allocating computational security resources”, this is fundamentally a business and economic problem (resource allocation and risk mitigation), not a technical one. Improving the logic of how one chooses which security tools to use is a “method of organizing human activity” (risk management), and not an improvement to the underlying computer’s hardware or software functionality. Secondly, mathematical conception aggregation. The “ordered combination” consists entirely of mathematical concepts. Simply stringing multiple mathematical steps together (LDA -> Monte Carlo -> Weighted Matrix -> Evolutionary Algorithm) does not transform the abstract math into a practical application. The mathematical result – an “optimized subset” is an informative output, not a technical tool. Thirdly, lack of a specific technical improvement. The claims do not describe a specific change to the computer’s architecture or a novel security protocol. A claim that merely uses a computer as a “tool” to perform complex math more efficiently than a human does not provide a “technological improvement” to the computer itself. Fourth, the “apply it” on generic infrastructure. The step of “managing a configuration” based on the mathematical result is an “apply it” instruction. Implementing a business decision (which projects to prioritize) on generic security infrastructure is considered a limited field of use. It does not integrate the abstract math into a specific, non-conventional technical process. The claims are directed to the abstract idea of using mathematical models (LDA, Monte Carlo) to prioritize security projects. The "automatic configuration" step is merely a high-level functional result, not a specific technological implementation. Therefore, the claims do not move beyond the abstract idea and do not impose a meaningful limit on the use of these algorithms. Therefore, Claims 1-20 are directed to the abstract ideas of mathematical concepts and risk management. Because the additional elements, both individually and as an ordered combination, do not amount to a technological improvement but rather a computerized business strategy, the claims are patent ineligible under 35 U.S.C. § 101. Argument #5: (E). Applicant argues that the claim method improves the functioning of computer security systems through specific technological processes. Unlike the examiner’s characterization of the original claim as merely using a computer to apply an abstract idea, amended claim 1 recites specific technical processes that enhance the operation of computer security systems by providing quantitative risk assessment capabilities, optimized resource allocation algorithms, and automated security control configuration that could not be achieved through conventional general-purpose computing under revised step 2a prong two of the 35 U.S.C. § 101 analysis (see Applicant Remarks, 4th ¶ of Page 10 of 13, dated 12/02/2025). Examiner respectfully disagrees. Under Step 2A, Prong 2, an exception is not integrated into a practical application if the claim merely recites the words "apply it" with the exception or merely uses a computer as a tool to perform an abstract idea. The combination of "Loss Distribution Approach," "Monte Carlo simulations," "weighted matrix computations," and "evolutionary algorithm optimization" describes a mathematical framework for optimization, not a physical change to a computer network. The claims simply uses these standard mathematical modeling tools—often used in finance and engineering—within the "particular technological environment" of computer security. Simply stating that a mathematical optimization is applied to "threat mitigation" does not turn the algorithm itself into a technological invention. For a computer-implemented method to qualify as a practical application, it must represent a "specific improvement to computer network security infrastructure" rather than merely optimizing a business or management process. The applicant argues the claim optimizes "resource allocation." However, if the claim does not recite specific improvements to how the network operates (e.g., how data is transmitted, how packets are filtered), it is merely analyzing data about the network, not improving the computer technology itself. Optimization of resource allocation, even for security, is often classified as a "method of organizing human activity" or a "mental process" (management) rather than a "technical process" (computer functionality). f the computer components only perform "extra-solution activity" (such as gathering data or displaying results) that are standard in the art, the claim does not pass Prong 2. If the claim recites gathering security data (loss distribution), running simulations, and producing a report of optimized resources, the actions of "gathering" and "reporting" are well-understood, routine, and conventional computer functions. The "ordered combination" of conventional, well-known, and routine activities does not create an "inventive concept" or a "practical application. Moreover, while the applicant claims the specification supports an integrated approach, 35 U.S.C. 101 requires that the claims themselves contain the technical improvements. If the claim recites what to calculate and what to optimize (e.g., maximizing mitigation), but does not recite how the computer specifically changes its operational steps to implement this optimization, the claim is directed to a "fundamental economic practice or mental process" applied using conventional computer components. The claimed method describes the logic of the risk analysis, not the mechanical implementation of the security control. The amended claims 1 and 11 are directed to the abstract idea of mathematical risk assessment and optimization. The additional elements (using a computer to run the algorithm) are routine and do not amount to a specific improvement to computer security functionality. Therefore, Claims 1-20 does not integrate the abstract idea into a practical application under 35 U.S.C. 101, Step 2A, Prong 2. Argument #6: (F). Applicant argues that Claims 1-20 recite additional elements that amount to significantly more than the recited judicial exceptions under revised step 2B of the 35 U.S.C. § 101 analysis (see Applicant Remarks, last ¶ of Page 10 and Page 11, dated 12/02/2025). Examiner respectfully disagrees. Specifically, Applicant argues that the amended claim limitations in Independent Claims 1 and 11 for example notes that the technical elements are not well-understood, routine and conventional when considered as the specific ordered combination, and that the Applicant notes that the amended features represents a non-conventional application that integrates multiple technical domains in a specific manner to solve the technical problem of cyber security resource optimization under step 2B of the 35 U.S.C. § 101 analysis (see Applicant’s Remarks, 1st ¶ of Page 11, dated 12/02/2025). Examiner respectfully disagrees. In response, Examiner refers Applicant to Examiner’s 35 U.S.C. 101 analysis section (e.g., Claim Rejections - 35 U.S.C. § 101 section shown below) shown for step 2B particularly for Independent Claims 1 and 11. The claims do not recite additional elements that amount to significantly more than the recited judicial exceptions, because they are merely directed to the particulars of the abstract idea and likewise do not add significantly more to the above-identified judicial exceptions. The limitations are directed to limitations referenced in MPEP § 2106.05I.A. that are not enough to qualify as significantly more when recited in these claims with the abstract idea which include: (1) adding the words “apply it” (or an equivalent) with the judicial exception, (2) or mere instructions to implement an abstract idea on a computer and providing the results to the user on a computer, and (3) generally linking the use of the judicial exception to a particular technological environment or field of use. For instance, under 35 U.S.C. § 101, the provided claim steps are patent ineligible because they are "directed to" an abstract idea and lack an "inventive concept" to transform them into a patent-eligible application. This analysis focuses on Step 2B of the Alice/Mayo framework, as updated by 2025 USPTO guidance and Federal Circuit precedent. Step 2B determines whether the claim recites an "inventive concept"—additional elements that amount to significantly more than the judicial exception. Independent Claims 1 and 11 does not include additional elements that are sufficient to amount to significantly more than the recited judicial exceptions due to the following reasons shown below. First, generic computer implementation. The use of an “optimization engine comprising an evolutionary algorithm” and a generic computer to perform the calculations. The Supreme Court in Alice Corp and subsequent Federal Circuit cases confirm that merely automating an abstract idea on a general-purpose computer is insufficient to confer eligibility. The claims lack a specific, non-conventional technical solution or an improvement to the computer’s functionality itself. Secondly, field of use limitations. Applying known mathematical and organizational ideas to the new field of “cybersecurity” risk assessment is merely a field-of-use limitation. This does not add significantly more to the abstract ideas. The argument that the specific combination of LDA, Monte Carlo and evolutionary algorithms solves a “technical problem” through a non-conventional application” fails for the following reasons. One problem-solution mismatch. The “technical problem” of optimally allocating limited computational security resources” is actually a fundamental economic and organizational risk-management problem. Using math to decide how to spend money or deploy assets is an abstract business practice, not a technical solution to a computer-centric problem like increasing network throughput or hardware efficiency. (2) Aggregating Mathematical Concepts. Simply stringing multiple mathematical steps together (LDA -> Monte Carlo -> Matrices -> Optimization) does not result in a technical improvement. The USPTO’s July 2024 AI guidance notes that an ordered combination of abstract ideas that merely results in an “improved mathematical process” remains ineligible. Thirdly, lack of specific technological change. The claims lack a concrete, non-conventional technical implementation. They do not describe a particular way a security control is reconfigured at a machine level-such as a novel encryption handshake or firewall architecture – but rather claim the idea of a desired outcome (an optimized subset). Standard implementation: Integrating “multiple technical domains” (statistics and cybersecurity) is a common cross-disciplinary practice. The Federal Circuit maintains that merely applying computer techniques to solve a problem in a different field is not an inventive concept. The Applicant argues that combining Loss Distribution Approach (LDA), Monte Carlo simulations, weighted matrices, and automated configuration is non-conventional. This combination represents the routine automation of known financial/risk modeling techniques applied to a familiar context (cybersecurity). Monte Carlo simulations and LDA are standard actuarial and risk management tools. Applying them to calculate cyber risk, then using weighted matrices to prioritize actions, is the conventional, logical, and expected use of data processing systems to optimize resource allocation. Implementing a known mathematical algorithm or method on a computer is well-understood, routine, and conventional in the relevant field of cybersecurity. Applicant claims the automatic security control configuration is a non-conventional step. Automatic security control configuration is a standard industry practice designed to reduce human error, manage configuration drift, and improve operational efficiency, as described in Automated Security Control Assessment (ASCA) literature. Setting up automated tools to remediate or configure based on risk output is precisely what modern security automated platforms are designed to do. Merely automating a process that was previously performed manually—or setting a computer to perform its routine functions (collecting, analyzing, and applying a formula)—does not add significantly more to the abstract idea. Applicant then argues that the specification combination of elements are non-conventional. The individual elements (LDA, Monte Carlo, matrix calculations) are standard analytical techniques. As the Federal Circuit held, merely combining known, routine tools in a "specific" manner does not inherently provide an inventive concept if the underlying components are conventional. The "combination" here is simply the functional orchestration of standard IT security functions (risk assessment + automated action). Last reason Examiner notes is that the asserted business improvements are results-oriented for optimizing cybersecurity resources. However, Examiner points out that the improvement of "resource optimization" is a generic result or desired outcome, rather than a technical improvement to the computer system itself (e.g., faster, more efficient processing). These claims merely recite the use of computer components as a tool to automate a business decision (risk management). Examiner notes that the ordered combination of these steps in a "cybersecurity" context constitutes a routine application of well-known techniques, which does not provide an inventive concept beyond the abstract idea of computing risk and allocating resources based on it. Therefore, under Step 2B, Claims 1-20 does not include additional elements that are sufficient to amount to significantly more than the recited judicial exceptions Argument #7: (G). Applicant argues that the technical elements are not well-understood, routine and conventional when considered as the specific ordered combination amounts to significantly more than the recited judicial exceptions under revised step 2B of the 35 U.S.C. § 101 analysis (see Applicant Remarks, last ¶ of Page 10, dated 12/02/2025). Examiner respectfully disagrees. Examiner refers Applicant to BSG Tech LLC v. Buyseasons Inc. decision (Aug. 15, 2018) court case noting that: “But the relevant inquiry is not whether the claimed invention as a whole is unconventional or non-routine. At Step two, we “search for an ‘inventive concept’… that is sufficient to ensure that the patent in practice amounts to significantly more than a patent upon the [ineligible concept] itself.” Alice, 134 S. Ct. at 2355 (internal quotation marks omitted) (quoting Mayo, 566 U.S. at 72-73). But this simply restates what we have already determined is an abstract idea. At Alice step two, it is irrelevant whether considering historical usage information while inputting data may have been non-routine or unconventional as a factual matter. As a matter of law, narrowing or reformulating an abstract idea does not add “significantly more” to it. See SAP Am., Inc. v. InvestPic, LLC. No. 2017-2081, slip op. at 14 (Fed. Cir. 2018). Additionally, Examiner submits that the question of novelty and non-obviousness evidence (application of prior art) is not relevant to the question of determining whether the claims as constructed contain an inventive concept. Lastly, Examiner cites the case of (Two-Way Media v. Comcast, (Fed. Cir. 2017)) and the District Court from this case concluded that “the proffered materials are irrelevant to the § 101 motion for judgment on the pleadings. None of the proffered materials addresses a § 101 challenge to claims of the asserted patents. The novelty and non-obviousness of the claims under §§ 102 and 103 does not bear on whether the claims are directed to patent-eligible subject matter under § 101. . . . Because the proffered materials are irrelevant to the instant § 101 issue, I have not considered them.” The appeal to Federal Circuit Court affirmed the District Court’s ruling that “eligibility and novelty are separate inquiries”. Therefore, in conclusion, Applicant’s suggestion that specific limitations (or the claimed invention as a whole) must be shown to be well-understood, routine, and conventional to support the conclusion of subject matter ineligibility for 35 U.S.C. § 101 of Independent Claims 1 and 14 is not persuasive. The claim elements, when viewed as an ordered combination, does not amount to significantly more than the abstract ideas of mathematical concept modeling and risk management. Therefore, under Step 2B, Claims 1-20 does not include additional elements that are sufficient to amount to significantly more than the recited judicial exceptions. Thus, Claims 1-20 are ineligible with respect to the 35 U.S.C. § 101 analysis. Claim Rejections - 35 USC § 101 8. 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 9. Claims 1-20 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to an abstract idea without significantly more. Step 1: Claims 1-20 are focused to a statutory category namely, a “method” or a “process” (Claims 1-10) and a “system” or an “apparatus” (Claims 11-20). Step 2A Prong One: Independent Claims 1 and 11 recites limitations that set forth the abstract idea(s), namely (see in bold except where strikethrough): “” (see Independent Claim 11); “” (see Independent Claim 11); “identifying cyber security related projects used to protect entity assets” (see Independent Claims 1 and 11); “calculating frequency and severity distributions for cyber security threats using a Loss Distribution Approach” (see Independent Claims 1 and 11); “performing Monte Carlo simulations to generate aggregate loss distributions based on the frequency and severity distributions” (see Independent Claims 1 and 11); “computing redundancy and synergy coefficients for pairs of the cyber security related projects using weighted matrix calculations” (see Independent Claims 1 and 11); “solving, based on the aggregate loss distributions and redundancy and synergy coefficients, an optimization programming problem to identify project synergies to select a subset of cyber security related projects that optimize expected loss reduction from cyber security related threats” (see Independent Claims 1 and 11); “managing a configuration of an application based on the subset of cyber security related projects” (see Independent Claims 1 and 11). Here, for Independent Claims 1 and 11, the abstract ideas recite managing business risk by using mathematical models to evaluate potential projects and optimize the selection of a project portfolio. It is fundamentally a risk assessment and resource allocation method implemented using mathematical techniques (such as Monte Carlo simulations and optimization algorithms) in the field of cybersecurity risk management. The steps of calculating frequency and severity distributions for cyber security threats using a loss distribution approach, performing Monte Carlo simulations to generate aggregate loss distributions, computing redundancy and synergy coefficients using weighted matrix calculations and solving an optimization programming problem using an optimization engine are “Mathematical Concepts” which fall under (1) mathematical calculations or (2) mathematical relationships. These processes heavily rely on mathematical operations and models. Merely using complex math, even for a new purpose like cybersecurity risk, does not make the underlying concepts eligible. Additionally or alternatively, identifying cyber security related projects used to protect entity assets, selecting a subset of cybersecurity related projects that optimize expected loss reduction from cyber security related threats (related to project portfolio management and optimizing business outcomes) and managing a configuration of an application based on the subset of projects (related to implementing business decisions) are “Certain Methods of Organizing Human Activities” which fall (3) fundamental economic and business principles/practices (including mitigating risk) such as risk management, project portfolio selection and optimizing resource allocation or (4) managing personal behavior (including teachings or following rules or instructions). Additionally or alternatively, the steps of identifying projects, evaluating the effectiveness of projects through calculation (can be a mental step, even if assisted by a machine) and selecting the optimal subset of projects are “Mental Processes” which falls under (5) concepts performed in the human mind (including observations or evaluations or judgments) or (6) using pen and paper as a physical aid, which in order to help perform these mental steps does not negate the mental nature of these limitations. The overall process of identification, evaluation and selection can be performed by a human mind (e.g., a risk manager evaluating options in a spreadsheet) using observation, judgment and basic calculation. The use of "physical aids" in implementing the abstract mental process, does not preclude the claim from reciting an abstract idea. See MPEP § 2106.04(a) III C. That is, other than reciting (e.g., “optimization programming problem algorithm” & “optimization engine” & “evolutionary algorithm”), nothing in the claim elements precludes the steps from being performed as “Mental Processes” which pertains to (1) concepts performed in the human mind (including observations or evaluations or judgments) or (2) using pen and paper as a physical aid and additionally or alternatively as “Certain Methods of Organizing Human Activities” which pertains to (3) managing personal behavior (including teachings or following rules or instructions) or (4) fundamental economic and business principles/practices (including mitigating risk) and additionally or alternatively as “Mathematical Concepts” which pertains to (5) mathematical calculations or (6) mathematical relationships. Therefore, at step 2a prong 1, Yes, Claims 1-20 recites an abstract idea. We proceed onto analyzing the claims at step 2a prong 2. Step 2A Prong Two: With respect to Step 2A Prong Two of the eligibility inquiry (as explained in MPEP § 2106.04(d)), the judicial exception is not integrated into a practical application. Independent Claim 11 recites additional elements directed to: (e.g., “a processor” & “a non-transitory, processor-readable storage medium”). These additional elements have been considered individually and in combination, but fail to integrate the abstract idea into a practical application because they amount to using computing elements or instructions (software) to perform the abstract idea, similar to adding the words “apply it” (or an equivalent), which merely serves to link the use of the judicial exception to a particular technological environment. See MPEP § 2106.05(f) and MPEP § 2106.05(h). Independent Claims 1 and 11: With respect to reliance on additional elements such as (e.g., “optimization programming problem algorithm” & “optimization engine” & “evolutionary algorithm”) shown in Independent Claims 1 and 11 when considered individually and as an ordered combination (as a whole) in view of these claim limitations, these additional elements do not provide limitations that are indicative of integration into a practical application under step 2a prong 2 due to: (1) field of use limitations -> such as applying an abstract idea to a new or particular field of use (cybersecurity risk assessment) is generally insufficient on its own to confer eligibility (see MPEP § 2106.05 (h)). The focus remains on the underlying abstract nature of the process. The claims describe a result (optimizing loss reduction) without specifying how this results in a concrete, non-abstract technical solution beyond the calculations themselves. (2) Lack of a specific technical solution -> such as the claims lack a concrete, machine-specific implementation or a specific non-conventional technol solution to a technical problem. The “managing a configuration of an application” is a functional description of a desired outcome, not a detailed, unconventional technical method that “improves” the technological field of computer security. these additional elements shown in Independent Claims 1 and 11 do not provide limitations that are indicative of integration into a practical application under step 2a prong 2 due to: reciting mere instructions to implement an abstract idea on a computer or using a computer as a tool to “apply” the recited judicial exceptions by providing the results to the user on a computer (see MPEP § 2106.05 (f)). Therefore, these claim elements, when viewed individually and as an ordered combination, do not add “significantly more” to the abstract ideas. They merely provide an environment (cybersecurity), a goal (optimizing loss reduction), and a means (generic computer doing math) for performing the abstract ideas. In addition, these limitations fail to provide an improvement to the functioning of a computer or to any other technology or technical field, fail to apply the exception with a particular machine, fail to apply the judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition, fail to effect a transformation of a particular article to a different state or thing, and fail to apply/use the abstract idea in a meaningful way beyond generally linking the use of the judicial exception to a particular technological environment. Accordingly, because the Step 2A Prong One and Prong Two analysis resulted in the conclusion that the claims are directed to an abstract idea, additional analysis under Step 2B of the eligibility inquiry must be conducted in order to determine whether any claim element or combination of elements amount to significantly more than the judicial exception. Therefore, at step 2a prong 2, Claims 1-20 are directed to the abstract idea and do not recite additional elements that integrate into a practical application. Step 2B: (As explained in MPEP § 2106.05), it has been determined that the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Independent Claim 11 recites additional elements directed to: (e.g., “a processor” & “a non-transitory, processor-readable storage medium”). These elements have been considered individually and in combination, but fail to add significantly more to the claims because they amount to using computing elements or instructions (software) to perform the abstract idea, similar to adding the words “apply it” (or an equivalent), which merely serves to link the use of the judicial exception to a particular technological environment (computing environment) and does not amount to significantly more than the abstract idea itself. See MPEP § 2106.05(f) and MPEP § 2106.05(h). Notably, Applicant’s Specification suggests that the claimed invention relies on nothing more than a general-purpose computer executing the instructions to implement the invention (see at least Applicant’s Specification ¶ [0044]: “FIG. 5 illustrates an example computer 505. Computer 505 can include a processor 510 suitable for the execution of a computer program, and can include, by way of example, both general and special purpose microprocessors, and any one or more processor of any kind of digital computer”. Independent Claims 1 and 11: With respect to reliance on additional elements such as (e.g., “optimization programming problem algorithm” & “optimization engine” & “evolutionary algorithm”) shown in Independent Claims 1 and 11 when considered individually and as an ordered combination (as a whole) in view of these claim limitations, these additional elements do not recite additional elements that amount to significantly more than the recited judicial exceptions under step 2B due to: (1) field of use limitations -> such as applying an abstract idea to a new or particular field of use (cybersecurity risk assessment) is generally insufficient on its own to confer eligibility (see MPEP § 2106.05 (h)). The focus remains on the underlying abstract nature of the process. The claims describe a result (optimizing loss reduction) without specifying how this results in a concrete, non-abstract technical solution beyond the calculations themselves. (2) Lack of a specific technical solution -> such as the claims lack a concrete, machine-specific implementation or a specific non-conventional technol solution to a technical problem. The “managing a configuration of an application” is a functional description of a desired outcome, not a detailed, unconventional technical method that “improves” the technological field of computer security. Thirdly, these additional elements shown in Independent Claims 1 and 11 do not recite additional elements that amount to significantly more than the recited judicial exceptions under step 2B due to: reciting mere instructions to implement an abstract idea on a computer or using a computer as a tool to “apply” the recited judicial exceptions by providing the results to the user on a computer (see MPEP § 2106.05 (f)). The additional element of “evolutionary algorithm” in general in Independent Claims 1 and 11 do not amount to significantly more than the judicial exception under step 2B due to being expressly recognized as Well-Understood, Routine and Conventional (WURC) in the art. Examiner refers to NPL Document: “Kremmel, Thomas. Project Portfolio Decision Support Using Evolutionary Algorithms. Diss. 2008”, hereinafter Kremmel, et. al. on Page 48 -> “Evolutionary algorithms (EA) imitate nature’s behaviour, and adapt the basic principles to evolve a set of solutions towards the optimum solution of a problem. EAs are search and optimization algorithms, especially suitable to solve multi-objective optimization problems.” Kremmel, et. al. on Page 51-> “Crossover and mutation of the chromosomes are the common operations, used in evolutionary generation of new offspring.” Kremmel, et. al. on Page 62-> Synergy Effects between projects are considered in the optimization approach presented in the paper Pareto ant colony optimization: A metaheuristic approach to multi-objective selection.” Kremmel, et. al. on Page 2 -> “Various presented approaches have proven that integer linear programming models, pareto ant colony optimization, and genetic algorithms Medaglia are generally applicable to the project selection problem. The decision to apply an evolutionary algorithm to the project selection problem is inspired by these papers.” In addition, when taken as an ordered combination, the ordered combination adds nothing that is not already present as when the elements are taken individually. There is no indication that the combination of elements integrates the abstract idea into a practical application. Therefore, when viewed as a whole, these additional claim elements do not provide meaningful limitations to transform the abstract idea into a practical application of the abstract idea or that, as an ordered combination, amount to significantly more than the abstract idea itself. Dependent Claims 2-10 and 12-20 recite additional elements directed to: (e.g. “Knapsack algorithm” (Dependent Claims 5 and 15)), which in conjunction with the limitations recite the same abstract idea(s) as shown in Independent Claims 1 and 11 along with further steps/details that reflect “Certain Methods of Organizing Human Activities” which pertains to (1) fundamental economic and business principles/practices (including mitigating risk) such as risk management, project portfolio selection and optimizing resource allocation or (2) managing personal behavior (including teachings or following rules or instructions) and additionally or alternatively as “Mental Processes” which pertains to (3) concepts performed in the human mind (including observations or evaluations or judgments) or (4) using pen and paper as a physical aid and additionally or alternatively as “Mathematical Concepts” which pertains to (5) mathematical calculations or (6) mathematical relationships. Dependent Claims 2-4, 6-10, 12-14 and 16-20 further narrow the abstract ideas, and are therefore still ineligible for the reasons previously provided in Steps 2A Prong 2 and Step 2B for Independent Claims 1 and 11. Dependent Claims 5 and 15: With respect to reliance on the additional element of (e.g., “knapsack algorithm”) as shown in Dependent Claims 5 and 15 when considered both individually and as an ordered combination (as a whole) with these recited claim limitations, these additional elements do not provide limitations that are indicative of integration into a practical application under step 2a prong 2 and also do not amount to significantly more than the judicial exceptions under step 2B due to the following: (1) field of use limitations -> such as applying an abstract idea to a new or particular field of use (cybersecurity risk assessment) is generally insufficient on its own to confer eligibility (see MPEP § 2106.05 (h)). The focus remains on the underlying abstract nature of the process. The claims describe a result (optimizing loss reduction) without specifying how this results in a concrete, non-abstract technical solution beyond the calculations themselves. (2) Lack of a specific technical solution -> such as the claims lack a concrete, machine-specific implementation or a specific non-conventional technol solution to a technical problem. Alternatively, these additional elements shown in Dependent Claims 5 and 15 do not provide limitations that are indicative of integration into a practical application under step 2a prong 2 and also do not amount to significantly more than the judicial exceptions under step 2B due to the following: reciting mere instructions to implement an abstract idea on a computer or using a computer as a tool to “apply” the recited judicial exceptions by providing the results to the user on a computer (see MPEP § 2106.05 (f)). The ordered combination of elements in the Dependent Claims (including the limitations inherited from the parent claim(s)) add nothing that is not already present as when the elements are taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology. Accordingly, the subject matter encompassed by the dependent claims fails to amount to a practical application or significantly more than the abstract idea itself. Therefore, under Step 2B, Claims 1-20 does not include additional elements that are sufficient to amount to significantly more than the recited judicial exceptions. Thus, Claims 1-20 are ineligible with respect to the 35 U.S.C. § 101 analysis. Claim Rejections - 35 USC § 103 10. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 11. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 12. Claims 1-7 and 11-17 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub (US 2018/0322292 A1) hereinafter Tedeschi, in view of US PG Pub (US 2016/0197953 A1) hereinafter King-Wilson, in view of NPL Document: "Handling of synergy into an algorithm for project portfolio selection." Recent Advances on Hybrid Intelligent Systems. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. 417-430, hereinafter Rivera, Gilberto, et al., and in further view of US PG Pub (US 2005/0114829 A1) hereinafter Robin et. al. Regarding Independent Claim 1, Tedeschi method of optimizing cyber security projects teaches the following: - identifying cyber security related projects used to protect entity assets (see at least Tedeschi: ¶ [0012] & ¶ [0016] & ¶ [0030-0035] & ¶ [0091]. Tedeschi notes that the organization may use the initial assessment report to identify projects to address assessment objectives, by category, which are not currently being addressed within the organization. See also Tedeschi at ¶ [0012]: Cybersecurity information protection against unauthorized disclosure, alteration or modification, disruption, or destruction of systems or data is an important tool in protecting these assets. See also Tedeschi at ¶ [0016]: NIST SP 800-53 defines a set of functions for implementing the security standards. These categories include Identify, Protect, Detect, Respond, and Recover. Each of these functions include one or more categories, as well as one or more cybersecurity objectives. See also Tedeschi at ¶ [0030-0035] noting “controls to protect assets or critical functions”. See also Tedeschi at [0091]: Multiple project/assessment objective data records imported into framework database may identify projects or assessment objectives to be fulfilled by the organization's information system, to enhance cybersecurity by providing access authorization, providing security safeguards at system boundaries, and maintaining audit records.) Tedeschi method of optimizing cyber security projects does not explicitly disclose, but King-Wilson in the analogous art for optimizing cyber security projects teaches the following limitations: - calculating frequency (see at least King-Wilson: ¶ [0070-0074]. King-Wilson notes that the activity predictor 14 receives the observed threat data 9 from the database 10, for example by retrieving the data automatically or in response to user instruction, extrapolates future event frequency and produces a profile 13 of predicted threat activity, which includes a list of predicted threats and their expected frequency of occurrence. Each predicted threat is defined using an identifier, a name, a description, a frequency of occurrence, a category (or categories) of system attacked and a corresponding damage level for each system.) and severity distributions for cyber security threats using a Loss Distribution Approach (see at least King-Wilson: ¶ [0022] & ¶ [0058-0062] & ¶ [0068]. King-Wilson notes that the severity score (“SeverityScore”) is a measure of the impact of a successful threat. It is not a measure of the prevalence or exposure to the threat, but rather an indication of the damage that would be caused to the target system. Severity score may also be referred to as “damage level”. In this example, the severity score is a value lying in a range between 1 and 10. For example, a value of 1 can represent trivial impact and a value of 10 may represent a catastrophic effect. However, the severity score may be defined as “low”, “medium”, “high” or “critical”. See also King-Wilson at ¶ [0058]: Each observed threat is defined using an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence of the threat, a target (or targets) for the threat and a severity score for the (or each) target. See also King-Wilson at ¶ [0022]: The apparatus may be configured to store at least one of the losses and the combined loss in a storage device. The apparatus may be configured to display at least one of the losses and the combined loss on a display device. See also King-Wilson at ¶ [0068].) - performing Monte Carlo simulations to generate aggregate loss distributions (see at least King-Wilson: ¶ [0021] & ¶ [0028-0030] & ¶ [0082-0084] & ¶ [0174]. King-Wilson notes that the model can be implemented using a Monte Carlo simulation. This involves generating thousands of scenarios of what may happen and then calculating summary statistics from the results. See also King-Wilson at ¶ [0021]: The apparatus may be configured to determine said predicted threat activity using a Monte Carlo method. See also King-Wilson at ¶ [0028-0030]: King Wilson notes that the apparatus may comprise a third module configured to determine loss for each of a plurality of operational processes dependent on the downtimes of each of said systems and to add losses for said plurality of processes so as to obtain a combined loss arising from the threat activity. Determining loss for each of a plurality of operational processes dependent on the downtimes of the systems, adding losses for the plurality of processes to obtain a combined loss arising from the threat activity. See also King-Wilson at ¶ [0082-0084]: The predicted loss calculator 24 receives the system risk 22 and data 25 listing operational processes from a database 26, then predicts the loss for each operational process, aggregates the results for each process and outputs predicted loss data 12. The predicted loss calculator 24 considers the system risk 22 for the IT systems 30, 30 1, 30 2, 30 3, 30 4, . . . , 30 m, on which each process 31, 31 A, 31 B, 31 c, 31 D, 31 E, . . . , 31 m, depends via dependencies 32 and the value of the process and aggregates values 12 A, 12 B, 12 c, 12 D, 12 E, . . . , 12 m, for each process so as to produce a value 12 sum, as for all processes.) based on the frequency (see at least King-Wilson: ¶ [0070-0074]. King-Wilson notes that the activity predictor 14 receives the observed threat data 9 from the database 10, for example by retrieving the data automatically or in response to user instruction, extrapolates future event frequency and produces a profile 13 of predicted threat activity, which includes a list of predicted threats and their expected frequency of occurrence. Each predicted threat is defined using an identifier, a name, a description, a frequency of occurrence, a category (or categories) of system attacked and a corresponding damage level for each system.) and severity distributions (see at least King-Wilson: ¶ [0022] & ¶ [0058-0062] & ¶ [0068]. King-Wilson notes that the severity score (“SeverityScore”) is a measure of the impact of a successful threat. It is not a measure of the prevalence or exposure to the threat, but rather an indication of the damage that would be caused to the target system. Severity score may also be referred to as “damage level”. In this example, the severity score is a value lying in a range between 1 and 10. For example, a value of 1 can represent trivial impact and a value of 10 may represent a catastrophic effect. However, the severity score may be defined as “low”, “medium”, “high” or “critical”. See also King-Wilson at ¶ [0058]: Each observed threat is defined using an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence of the threat, a target (or targets) for the threat and a severity score for the (or each) target. See also King-Wilson at ¶ [0022]: The apparatus may be configured to store at least one of the losses and the combined loss in a storage device. The apparatus may be configured to display at least one of the losses and the combined loss on a display device. See also King-Wilson at ¶ [0068].). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi method for optimizing cyber security projects with the aforementioned teachings of: calculating frequency and severity distributions for cyber security threats using a Loss Distribution Approach & performing Monte Carlo Simulations to generate aggregate loss distributions based on the frequency and severity distributions, and in further view of King-Wilson, whereby the activity predictor receives the observed threat data from the database, for example by retrieving the data automatically or in response to user instruction, extrapolates future event frequency and produces a profile of predicted threat activity, which includes a list of predicted threats and their expected frequency of occurrence. The predicted threat activity profile may be stored in a database (see at least King-Wilson: ¶ [0070]). Additionally, the system of King-Wilson seeks to provide an improved apparatus for and a method of assessing threat to a computer network or computer networks and that stochastic modelling can help to model the effect of low-frequency, high-impact events when assessing threats involving computer networks. This can be used, for example, in capital modelling, pricing insurance and cost benefit analysis when improving network security (see at least King-Wilson: ¶ [0010-0012]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by King-Wilson, the results of the combination were predictable. Tedeschi / King-Wilson method of optimizing cyber security projects does not explicitly disclose, but NPL Document: "Handling of synergy into an algorithm for project portfolio selection." Recent Advances on Hybrid Intelligent Systems. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. 417-430, hereinafter Rivera, Gilberto, et al. in the analogous art for optimizing cyber security projects teaches the following limitations: - computing redundancy and synergy coefficients for pairs of the cyber security related projects using weighted matrix calculations (see at least Rivera, Gilberto, et al: Page 421 & Pages 423-425. Rivera teaches that Negative synergy on objective values: The benefit of two or more projects decreases when are together. For example, a project A that benefits to 100 people and a Project B benefiting 200 people. But if there are 50 people in common between both projects, the benefit of supporting both projects is 250 people instead of 300 as expected. Redundancy: Two projects can not be supported simultaneously. For example, a Project A: Building a hospital, and a Project B: building a school. But if the hospital needs to be built on the same ground that the school, only one of them can receive budget. Decrease in the cost: Two projects decrease the costs if both are supported simultaneously. For example, a project A: has a total cost of 250 monetary units, of which uses 100 to buy expensive computer equipment, and a Project B: it has a cost of 200 monetary units and also need to use similar equipment. If possible, and both projects have no problem sharing the common resource, the cost of financing both resources is 350 monetary units instead of 450 as expected. Presenting a large set of solutions will complicate the decision process of the DM, even if the solutions found belong to the Pareto front, moreover finding a single function that matches the DM’s preference, such as a weighted sum, is not simple and nor guaranteed for real problems. See also Rivera at Page 423: RPM has an algorithm that develops a comprehensive search with dynamic programming to find all optimal portfolios, which then are indexed according to the DM’s criteria through a weighted sum of the objectives. The synergy is handling by means of adding artificial projects and extra redundancy relations. See also Rivera at Pages 424-425: Rivera teaches that the benefit function is shown in Formula 13, where x is the current portfolio, i is the candidate project for being added to x, ηi is known as local knowledge, and is a measure of benefit of the project i, τi,j is the pheromone between projects i and j, and w is a weight factor between local knowledge and the pheromone. Examiner notes that the pheromone is modeled as a two-dimensional matrix with a size N×N, where N is the total of projects, so τ has two entries. τi,j is the preference of having the projects i and j in the same portfolio.) - solving, based on the aggregate loss distributions and redundancy and synergy coefficients (see at least Rivera, Gilberto, et al: Page 421 & Pages 423-426. Rivera teaches that Negative synergy on objective values: The benefit of two or more projects decreases when are together. For example, a project A that benefits to 100 people and a Project B benefiting 200 people. But if there are 50 people in common between both projects, the benefit of supporting both projects is 250 people instead of 300 as expected. Redundancy: Two projects can not be supported simultaneously. For example, a Project A: Building a hospital, and a Project B: building a school. But if the hospital needs to be built on the same ground that the school, only one of them can receive budget. Decrease in the cost: Two projects decrease the costs if both are supported simultaneously. For example, a project A: has a total cost of 250 monetary units, of which uses 100 to buy expensive computer equipment, and a Project B: it has a cost of 200 monetary units and also need to use similar equipment. If possible, and both projects have no problem sharing the common resource, the cost of financing both resources is 350 monetary units instead of 450 as expected. Presenting a large set of solutions will complicate the decision process of the DM, even if the solutions found belong to the Pareto front, moreover finding a single function that matches the DM’s preference, such as a weighted sum, is not simple and nor guaranteed for real problems. See also Rivera at Page 423: RPM has an algorithm that develops a comprehensive search with dynamic programming to find all optimal portfolios, which then are indexed according to the DM’s criteria through a weighted sum of the objectives. The synergy is handling by means of adding artificial projects and extra redundancy relations. See also Rivera at Pages 424-425: Rivera teaches that the benefit function is shown in Formula 13, where x is the current portfolio, i is the candidate project for being added to x, ηi is known as local knowledge, and is a measure of benefit of the project i, τi,j is the pheromone between projects i and j, and w is a weight factor between local knowledge and the pheromone. Examiner notes that the pheromone is modeled as a two-dimensional matrix with a size N×N, where N is the total of projects, so τ has two entries. τi,j is the preference of having the projects i and j in the same portfolio.), an optimization programming problem algorithm (see at least Rivera, Gilberto, et. al: Page 421 & Pages 423-425. Rivera teaches that P-ACO (Pareto Ant Colony Optimization) is an algorithm based on the known metaheuristic of Ant Colony to generate the Pareto front with the most efficient portfolios. Each ant generates a candidate portfolio, and the amount of pheromone deposited by such ant is inversely proportional to the number of solutions that dominate it. The algorithm stores the solutions that have never been dominated, which form an approximation of the Pareto front. P-ACO is able to deal with the synergy between projects, salient characteristic in the algorithm. The algorithm only considers the handling of synergy between groups of two projects. No consideration is made about the DM’s preferences and the synergy is handling by modifying the multiobjective function.), using an optimization engine (see at least Rivera, Gilberto, et. al: Page 426. Rivera notes that computer equipment dual-processor Xeon (TM) CPU 3.06 GHz in parallel and 4 GB RAM.) comprising an evolutionary algorithm (see at least Rivera, Gilberto, et. al: Page 418 & Page 421 & Pages 423-425. Rivera teaches providing the means of algorithms pertaining to the social portfolio problem (SPP), also pareto ant colony optimization (ACO) algorithm, robust portfolio modeling algorithm, scatter search for project portfolio selection and deterministic heuristic algorithms shown at Pages 423-424.), to identify project synergies (see at least Rivera, Gilberto, et. al: Page 426 & Figs. 2-3 on (Pages 427-428). Rivera teaches Addressed synergy types: Redundancy and synergy in objective functions (negative and positive). For instances of 25 projects, there are between three and six synergetic relations; for instances of 100 projects, between 12 and 24. See also Rivera noting the project synergies of instances of 100 projects in Fig. 2 and synergy showing the execution time on instances of 100 projects in Fig. 3.) to select a subset of cyber security related projects that optimize expected loss reduction from cyber security related threats (see at least Rivera, Gilberto, et al: Pages 418-419 & Page 421. Rivera teaches that previous works on the formation of project portfolio with synergy have been proposed [3, 6, 18, 20], it has made evident the lack of methods that also include the decision maker’s preferences. This work presents an Ant Colony Optimization (ACO) Algorithm that searches a Pareto frontier subset that matches the DM’s criteria for selecting a portfolio. From a set of all proposed projects competing for resources, denoted as X, a portfolio may be defined as a subset of them. See also Rivera at Page 424: The next project selection jx is the next project to be incorporated in portfolio x, X is the project list, Ω(x,i) is a function that evaluates the expected benefit to incorporate i to portfolio x, L is the roulette selection function based on Ω(x,i), ℓ is a function that randomly selects an available project. See also Rivera at [abstract] on Page 417: With a number of candidate projects bigger than those ones that can be funded, the organization faces the problem of selecting a portfolio of projects that maximizes the expected benefits. See also Rivera at Page 427: For instances of 100 projects, it was not possible to perform an enumerative search. The preference model was applied to the results provided by each version of the algorithm, and the amount of NOS found for each was counted. Figure 2 presents these results. The performance difference in favor of “synergy in the objective function” was 15% on average. Furthermore, significant differences in the execution time were observed. In Figure 3 shows the time run consumed by each version of the algorithm. The time reduction averaged 11% by using “synergy in the objective function”. See also Rivera at Page 428: On the test instances used, there was an average increase of 15% in performance, and a 11% reduction of consumed time, by adapting the objective function instead of adding artificial projects.). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson method for optimizing cyber security projects with the aforementioned teachings of: computing redundancy and synergy coefficients for pairs of the cyber security related projects using weighted matrix calculations and solving, based on the aggregate loss distributions and redundancy and synergy coefficients, an optimization programming problem algorithm, using an optimization engine comprising an evolutionary algorithm, to identify project synergies to select a subset of cyber security related projects that optimize expected loss reduction from cyber security related threats, and in further view of Rivera, whereby several algorithms have been developed to solve SPP with synergy, which range from deterministic heuristic algorithms to more sophisticated metaheuristic techniques. The options in the handling of synergy have been basically two: 1) Modifying the Multi-objective evaluation function and 2) Adding artificial projects representing the synergic group, and then add redundancy relations that prevent the artificial project appears at the same portfolio that some project of that group (see at least Rivera: [on Page 423]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by King-Rivera, the results of the combination were predictable. Tedeschi / King-Wilson / NPL Document: "Handling of synergy into an algorithm for project portfolio selection." Recent Advances on Hybrid Intelligent Systems. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. 417-430, hereinafter Rivera, Gilberto, et al. method of optimizing cyber security projects does not explicitly disclose, but Robin in the analogous art for optimizing cyber security projects teaches the following limitations: - managing a configuration of an application based on the subset of cyber security related projects (see at least Robin: ¶ [0059] & ¶ [0547] & ¶ [1867-1873]. Robin teaches that the Configuration Management Approach field defines how the project's deliverables (e.g., hardware, software, management and technical documents, and work in progress) will be tracked, accounted for, and maintained. Configuration Management includes project documents, the development and test environments, and any impact on the production environment. See also Robin at [0059]: Infrastructure deployment projects, including desktop deployments, operating system upgrades, enterprise messaging deployments, and configuration and operations management systems deployments. See also Robin at ¶ [0349]: Only when the builds are well-tested and stable are they ready for a limited pilot (or beta) release to a subset of the production environment. See also Robin at ¶ [0398-0400]: "Pure" Application Development and Infrastructure Deployment Projects. See also Robin at ¶ [0547]: In solutions framework (SF), a pilot release is a deployment to a subset of the live production environment or user group. See also Robin at [1869-1873]: Description of configuration management processes, methods, and tools. FIG. 20 of Robin notes an exemplary process for combining roles. For example, it illustrates risky (as indicated by "N/Not Recommended" or "U/Unlikely" symbols) and synergistic (as indicated by "P/Possible" symbols) combinations of roles, but as with any teaming exercise, successful role sharing comes down to the actual members themselves and what experience and skills they bring with them.). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera method for optimizing cyber security projects with the aforementioned teachings of: managing a configuration of an application based on the subset of cyber security related projects, and in further view of Robin, in order for different kinds of projects (e.g., infrastructure or packaged application deployment), projects carried out with specialized technology domains (such as security, embedded systems, safety critical, EDI), vertical industries (healthcare, manufacturing, and so on.) or product-specific projects may carry well-known project risks unique to that area. Within the area of information security, risks concerning information theft, loss, or corruption as a result of deliberate acts or accidents are often referred to as threats. Projects in these areas will benefit from the review of alternative risk (threat) classifications or extensions to the well-known general purpose risk classifications to ensure breadth of thinking on the part of the project team during the risk identification step (see at least Robin: ¶ [1154]). Additionally, with the system of Robin, a Configuration Management Approach field defines how the project's deliverables (e.g., hardware, software, management and technical documents, and work in progress) will be tracked, accounted for, and maintained. Configuration Management includes project documents, the development and test environments, and any impact on the production environment (see at least Robin: ¶ [1867]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by Robin, the results of the combination were predictable. Regarding Independent Claim 11, Tedeschi system of optimizing cyber security projects teaches the following: - a processor (see at least Tedeschi: ¶ [0042] & Fig. 1. Tedeschi notes that each server 110 may include one or more processors executing specific computer-executable instructions within a memory coupled to each server 110.); - a non-transitory, processor-readable storage medium, wherein the non-transitory, processor-readable storage medium comprises one or more programming instructions that, when executed, cause the processor to (see at least Tedeschi: ¶ [0042-0043] & Figs. 1-2.): - identifying cyber security related projects used to protect entity assets (see at least Tedeschi: ¶ [0012] & ¶ [0016] & ¶ [0030-0035] & ¶ [0091]. Tedeschi notes that the organization may use the initial assessment report to identify projects to address assessment objectives, by category, which are not currently being addressed within the organization. See also Tedeschi at ¶ [0012]: Cybersecurity information protection against unauthorized disclosure, alteration or modification, disruption, or destruction of systems or data is an important tool in protecting these assets. See also Tedeschi at ¶ [0016]: NIST SP 800-53 defines a set of functions for implementing the security standards. These categories include Identify, Protect, Detect, Respond, and Recover. Each of these functions include one or more categories, as well as one or more cybersecurity objectives. See also Tedeschi at ¶ [0030-0035] noting “controls to protect assets or critical functions”. See also Tedeschi at [0091]: Multiple project/assessment objective data records imported into framework database may identify projects or assessment objectives to be fulfilled by the organization's information system, to enhance cybersecurity by providing access authorization, providing security safeguards at system boundaries, and maintaining audit records.) Tedeschi system of optimizing cyber security projects does not explicitly disclose, but King-Wilson in the analogous art for optimizing cyber security projects teaches the following limitations: - calculating frequency (see at least King-Wilson: ¶ [0070-0074]. King-Wilson notes that the activity predictor 14 receives the observed threat data 9 from the database 10, for example by retrieving the data automatically or in response to user instruction, extrapolates future event frequency and produces a profile 13 of predicted threat activity, which includes a list of predicted threats and their expected frequency of occurrence. Each predicted threat is defined using an identifier, a name, a description, a frequency of occurrence, a category (or categories) of system attacked and a corresponding damage level for each system.) and severity distributions for cyber security threats using a Loss Distribution Approach (see at least King-Wilson: ¶ [0022] & ¶ [0058-0062] & ¶ [0068]. King-Wilson notes that the severity score (“SeverityScore”) is a measure of the impact of a successful threat. It is not a measure of the prevalence or exposure to the threat, but rather an indication of the damage that would be caused to the target system. Severity score may also be referred to as “damage level”. In this example, the severity score is a value lying in a range between 1 and 10. For example, a value of 1 can represent trivial impact and a value of 10 may represent a catastrophic effect. However, the severity score may be defined as “low”, “medium”, “high” or “critical”. See also King-Wilson at ¶ [0058]: Each observed threat is defined using an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence of the threat, a target (or targets) for the threat and a severity score for the (or each) target. See also King-Wilson at ¶ [0022]: The apparatus may be configured to store at least one of the losses and the combined loss in a storage device. The apparatus may be configured to display at least one of the losses and the combined loss on a display device. See also King-Wilson at ¶ [0068].) - performing Monte Carlo simulations to generate aggregate loss distributions (see at least King-Wilson: ¶ [0021] & ¶ [0028-0030] & ¶ [0082-0084] & ¶ [0174]. King-Wilson notes that the model can be implemented using a Monte Carlo simulation. This involves generating thousands of scenarios of what may happen and then calculating summary statistics from the results. See also King-Wilson at ¶ [0021]: The apparatus may be configured to determine said predicted threat activity using a Monte Carlo method. See also King-Wilson at ¶ [0028-0030]: King Wilson notes that the apparatus may comprise a third module configured to determine loss for each of a plurality of operational processes dependent on the downtimes of each of said systems and to add losses for said plurality of processes so as to obtain a combined loss arising from the threat activity. Determining loss for each of a plurality of operational processes dependent on the downtimes of the systems, adding losses for the plurality of processes to obtain a combined loss arising from the threat activity. See also King-Wilson at ¶ [0082-0084]: The predicted loss calculator 24 receives the system risk 22 and data 25 listing operational processes from a database 26, then predicts the loss for each operational process, aggregates the results for each process and outputs predicted loss data 12. The predicted loss calculator 24 considers the system risk 22 for the IT systems 30, 30 1, 30 2, 30 3, 30 4, . . . , 30 m, on which each process 31, 31 A, 31 B, 31 c, 31 D, 31 E, . . . , 31 m, depends via dependencies 32 and the value of the process and aggregates values 12 A, 12 B, 12 c, 12 D, 12 E, . . . , 12 m, for each process so as to produce a value 12 sum, as for all processes.) based on the frequency (see at least King-Wilson: ¶ [0070-0074]. King-Wilson notes that the activity predictor 14 receives the observed threat data 9 from the database 10, for example by retrieving the data automatically or in response to user instruction, extrapolates future event frequency and produces a profile 13 of predicted threat activity, which includes a list of predicted threats and their expected frequency of occurrence. Each predicted threat is defined using an identifier, a name, a description, a frequency of occurrence, a category (or categories) of system attacked and a corresponding damage level for each system.) and severity distributions (see at least King-Wilson: ¶ [0022] & ¶ [0058-0062] & ¶ [0068]. King-Wilson notes that the severity score (“SeverityScore”) is a measure of the impact of a successful threat. It is not a measure of the prevalence or exposure to the threat, but rather an indication of the damage that would be caused to the target system. Severity score may also be referred to as “damage level”. In this example, the severity score is a value lying in a range between 1 and 10. For example, a value of 1 can represent trivial impact and a value of 10 may represent a catastrophic effect. However, the severity score may be defined as “low”, “medium”, “high” or “critical”. See also King-Wilson at ¶ [0058]: Each observed threat is defined using an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence of the threat, a target (or targets) for the threat and a severity score for the (or each) target. See also King-Wilson at ¶ [0022]: The apparatus may be configured to store at least one of the losses and the combined loss in a storage device. The apparatus may be configured to display at least one of the losses and the combined loss on a display device. See also King-Wilson at ¶ [0068].). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi system for optimizing cyber security projects with the aforementioned teachings of: calculating frequency and severity distributions for cyber security threats using a Loss Distribution Approach & performing Monte Carlo Simulations to generate aggregate loss distributions based on the frequency and severity distributions, and in further view of King-Wilson, whereby the activity predictor receives the observed threat data from the database, for example by retrieving the data automatically or in response to user instruction, extrapolates future event frequency and produces a profile of predicted threat activity, which includes a list of predicted threats and their expected frequency of occurrence. The predicted threat activity profile may be stored in a database (see at least King-Wilson: ¶ [0070]). Additionally, the system of King-Wilson seeks to provide an improved apparatus for and a method of assessing threat to a computer network or computer networks and that stochastic modelling can help to model the effect of low-frequency, high-impact events when assessing threats involving computer networks. This can be used, for example, in capital modelling, pricing insurance and cost benefit analysis when improving network security (see at least King-Wilson: ¶ [0010-0012]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by King-Wilson, the results of the combination were predictable. Tedeschi / King-Wilson system of optimizing cyber security projects does not explicitly disclose, but NPL Document: "Handling of synergy into an algorithm for project portfolio selection." Recent Advances on Hybrid Intelligent Systems. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. 417-430, hereinafter Rivera, Gilberto, et al. in the analogous art for optimizing cyber security projects teaches the following limitations: - computing redundancy and synergy coefficients for pairs of the cyber security related projects using weighted matrix calculations (see at least Rivera, Gilberto, et al: Page 421 & Pages 423-425. Rivera teaches that Negative synergy on objective values: The benefit of two or more projects decreases when are together. For example, a project A that benefits to 100 people and a Project B benefiting 200 people. But if there are 50 people in common between both projects, the benefit of supporting both projects is 250 people instead of 300 as expected. Redundancy: Two projects can not be supported simultaneously. For example, a Project A: Building a hospital, and a Project B: building a school. But if the hospital needs to be built on the same ground that the school, only one of them can receive budget. Decrease in the cost: Two projects decrease the costs if both are supported simultaneously. For example, a project A: has a total cost of 250 monetary units, of which uses 100 to buy expensive computer equipment, and a Project B: it has a cost of 200 monetary units and also need to use similar equipment. If possible, and both projects have no problem sharing the common resource, the cost of financing both resources is 350 monetary units instead of 450 as expected. Presenting a large set of solutions will complicate the decision process of the DM, even if the solutions found belong to the Pareto front, moreover finding a single function that matches the DM’s preference, such as a weighted sum, is not simple and nor guaranteed for real problems. See also Rivera at Page 423: RPM has an algorithm that develops a comprehensive search with dynamic programming to find all optimal portfolios, which then are indexed according to the DM’s criteria through a weighted sum of the objectives. The synergy is handling by means of adding artificial projects and extra redundancy relations. See also Rivera at Pages 424-425: Rivera teaches that the benefit function is shown in Formula 13, where x is the current portfolio, i is the candidate project for being added to x, ηi is known as local knowledge, and is a measure of benefit of the project i, τi,j is the pheromone between projects i and j, and w is a weight factor between local knowledge and the pheromone. Examiner notes that the pheromone is modeled as a two-dimensional matrix with a size N×N, where N is the total of projects, so τ has two entries. τi,j is the preference of having the projects i and j in the same portfolio.) - solving, based on the aggregate loss distributions and redundancy and synergy coefficients (see at least Rivera, Gilberto, et al: Page 421 & Pages 423-426. Rivera teaches that Negative synergy on objective values: The benefit of two or more projects decreases when are together. For example, a project A that benefits to 100 people and a Project B benefiting 200 people. But if there are 50 people in common between both projects, the benefit of supporting both projects is 250 people instead of 300 as expected. Redundancy: Two projects can not be supported simultaneously. For example, a Project A: Building a hospital, and a Project B: building a school. But if the hospital needs to be built on the same ground that the school, only one of them can receive budget. Decrease in the cost: Two projects decrease the costs if both are supported simultaneously. For example, a project A: has a total cost of 250 monetary units, of which uses 100 to buy expensive computer equipment, and a Project B: it has a cost of 200 monetary units and also need to use similar equipment. If possible, and both projects have no problem sharing the common resource, the cost of financing both resources is 350 monetary units instead of 450 as expected. Presenting a large set of solutions will complicate the decision process of the DM, even if the solutions found belong to the Pareto front, moreover finding a single function that matches the DM’s preference, such as a weighted sum, is not simple and nor guaranteed for real problems. See also Rivera at Page 423: RPM has an algorithm that develops a comprehensive search with dynamic programming to find all optimal portfolios, which then are indexed according to the DM’s criteria through a weighted sum of the objectives. The synergy is handling by means of adding artificial projects and extra redundancy relations. See also Rivera at Pages 424-425: Rivera teaches that the benefit function is shown in Formula 13, where x is the current portfolio, i is the candidate project for being added to x, ηi is known as local knowledge, and is a measure of benefit of the project i, τi,j is the pheromone between projects i and j, and w is a weight factor between local knowledge and the pheromone. Examiner notes that the pheromone is modeled as a two-dimensional matrix with a size N×N, where N is the total of projects, so τ has two entries. τi,j is the preference of having the projects i and j in the same portfolio.), an optimization programming problem algorithm (see at least Rivera, Gilberto, et. al: Page 421 & Pages 423-425. Rivera teaches that P-ACO (Pareto Ant Colony Optimization) is an algorithm based on the known metaheuristic of Ant Colony to generate the Pareto front with the most efficient portfolios. Each ant generates a candidate portfolio, and the amount of pheromone deposited by such ant is inversely proportional to the number of solutions that dominate it. The algorithm stores the solutions that have never been dominated, which form an approximation of the Pareto front. P-ACO is able to deal with the synergy between projects, salient characteristic in the algorithm. The algorithm only considers the handling of synergy between groups of two projects. No consideration is made about the DM’s preferences and the synergy is handling by modifying the multiobjective function.), using an optimization engine (see at least Rivera, Gilberto, et. al: Page 426. Rivera notes that computer equipment dual-processor Xeon (TM) CPU 3.06 GHz in parallel and 4 GB RAM.) comprising an evolutionary algorithm (see at least Rivera, Gilberto, et. al: Page 418 & Page 421 & Pages 423-425. Rivera teaches providing the means of algorithms pertaining to the social portfolio problem (SPP), also pareto ant colony optimization (ACO) algorithm, robust portfolio modeling algorithm, scatter search for project portfolio selection and deterministic heuristic algorithms shown at Pages 423-424.), to identify project synergies (see at least Rivera, Gilberto, et. al: Page 426 & Figs. 2-3 on (Pages 427-428). Rivera teaches Addressed synergy types: Redundancy and synergy in objective functions (negative and positive). For instances of 25 projects, there are between three and six synergetic relations; for instances of 100 projects, between 12 and 24. See also Rivera noting the project synergies of instances of 100 projects in Fig. 2 and synergy showing the execution time on instances of 100 projects in Fig. 3.) to select a subset of cyber security related projects that optimize expected loss reduction from cyber security related threats (see at least Rivera, Gilberto, et al: Pages 418-419 & Page 421. Rivera teaches that previous works on the formation of project portfolio with synergy have been proposed [3, 6, 18, 20], it has made evident the lack of methods that also include the decision maker’s preferences. This work presents an Ant Colony Optimization (ACO) Algorithm that searches a Pareto frontier subset that matches the DM’s criteria for selecting a portfolio. From a set of all proposed projects competing for resources, denoted as X, a portfolio may be defined as a subset of them. See also Rivera at Page 424: The next project selection jx is the next project to be incorporated in portfolio x, X is the project list, Ω(x,i) is a function that evaluates the expected benefit to incorporate i to portfolio x, L is the roulette selection function based on Ω(x,i), ℓ is a function that randomly selects an available project. See also Rivera at [abstract] on Page 417: With a number of candidate projects bigger than those ones that can be funded, the organization faces the problem of selecting a portfolio of projects that maximizes the expected benefits. See also Rivera at Page 427: For instances of 100 projects, it was not possible to perform an enumerative search. The preference model was applied to the results provided by each version of the algorithm, and the amount of NOS found for each was counted. Figure 2 presents these results. The performance difference in favor of “synergy in the objective function” was 15% on average. Furthermore, significant differences in the execution time were observed. In Figure 3 shows the time run consumed by each version of the algorithm. The time reduction averaged 11% by using “synergy in the objective function”. See also Rivera at Page 428: On the test instances used, there was an average increase of 15% in performance, and a 11% reduction of consumed time, by adapting the objective function instead of adding artificial projects.). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson system for optimizing cyber security projects with the aforementioned teachings of: computing redundancy and synergy coefficients for pairs of the cyber security related projects using weighted matrix calculations and solving, based on the aggregate loss distributions and redundancy and synergy coefficients, an optimization programming problem algorithm, using an optimization engine comprising an evolutionary algorithm, to identify project synergies to select a subset of cyber security related projects that optimize expected loss reduction from cyber security related threats, and in further view of Rivera, whereby several algorithms have been developed to solve SPP with synergy, which range from deterministic heuristic algorithms to more sophisticated metaheuristic techniques. The options in the handling of synergy have been basically two: 1) Modifying the Multi-objective evaluation function and 2) Adding artificial projects representing the synergic group, and then add redundancy relations that prevent the artificial project appears at the same portfolio that some project of that group (see at least Rivera: [on Page 423]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by King-Rivera, the results of the combination were predictable. Tedeschi / King-Wilson / NPL Document: "Handling of synergy into an algorithm for project portfolio selection." Recent Advances on Hybrid Intelligent Systems. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. 417-430, hereinafter Rivera, Gilberto, et al. system of optimizing cyber security projects does not explicitly disclose, but Robin in the analogous art for optimizing cyber security projects teaches the following limitations: - managing a configuration of an application based on the subset of cyber security related projects (see at least Robin: ¶ [0059] & ¶ [0547] & ¶ [1867-1873]. Robin teaches that the Configuration Management Approach field defines how the project's deliverables (e.g., hardware, software, management and technical documents, and work in progress) will be tracked, accounted for, and maintained. Configuration Management includes project documents, the development and test environments, and any impact on the production environment. See also Robin at [0059]: Infrastructure deployment projects, including desktop deployments, operating system upgrades, enterprise messaging deployments, and configuration and operations management systems deployments. See also Robin at ¶ [0349]: Only when the builds are well-tested and stable are they ready for a limited pilot (or beta) release to a subset of the production environment. See also Robin at ¶ [0398-0400]: "Pure" Application Development and Infrastructure Deployment Projects. See also Robin at ¶ [0547]: In solutions framework (SF), a pilot release is a deployment to a subset of the live production environment or user group. See also Robin at [1869-1873]: Description of configuration management processes, methods, and tools. FIG. 20 of Robin notes an exemplary process for combining roles. For example, it illustrates risky (as indicated by "N/Not Recommended" or "U/Unlikely" symbols) and synergistic (as indicated by "P/Possible" symbols) combinations of roles, but as with any teaming exercise, successful role sharing comes down to the actual members themselves and what experience and skills they bring with them.). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera system for optimizing cyber security projects with the aforementioned teachings of: managing a configuration of an application based on the subset of cyber security related projects, and in further view of Robin, in order for different kinds of projects (e.g., infrastructure or packaged application deployment), projects carried out with specialized technology domains (such as security, embedded systems, safety critical, EDI), vertical industries (healthcare, manufacturing, and so on.) or product-specific projects may carry well-known project risks unique to that area. Within the area of information security, risks concerning information theft, loss, or corruption as a result of deliberate acts or accidents are often referred to as threats. Projects in these areas will benefit from the review of alternative risk (threat) classifications or extensions to the well-known general purpose risk classifications to ensure breadth of thinking on the part of the project team during the risk identification step (see at least Robin: ¶ [1154]). Additionally, with the system of Robin, a Configuration Management Approach field defines how the project's deliverables (e.g., hardware, software, management and technical documents, and work in progress) will be tracked, accounted for, and maintained. Configuration Management includes project documents, the development and test environments, and any impact on the production environment (see at least Robin: ¶ [1867]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by Robin, the results of the combination were predictable. Regarding Dependent Claims 2 and 12, Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects teaches the limitations of Independent Claims 1 and 11 above, and King-Wilson further teaches the method / system for optimizing cyber security projects comprising: - wherein calculating frequency (see at least King-Wilson: ¶ [0070-0074]. King-Wilson notes that the activity predictor 14 receives the observed threat data 9 from the database 10, for example by retrieving the data automatically or in response to user instruction, extrapolates future event frequency and produces a profile 13 of predicted threat activity, which includes a list of predicted threats and their expected frequency of occurrence. Each predicted threat is defined using an identifier, a name, a description, a frequency of occurrence, a category (or categories) of system attacked and a corresponding damage level for each system.) and severity distributions (see at least King-Wilson: ¶ [0022] & ¶ [0058-0062] & ¶ [0068]. King-Wilson notes that the severity score (“SeverityScore”) is a measure of the impact of a successful threat. It is not a measure of the prevalence or exposure to the threat, but rather an indication of the damage that would be caused to the target system. Severity score may also be referred to as “damage level”. In this example, the severity score is a value lying in a range between 1 and 10. For example, a value of 1 can represent trivial impact and a value of 10 may represent a catastrophic effect. However, the severity score may be defined as “low”, “medium”, “high” or “critical”. See also King-Wilson at ¶ [0058]: Each observed threat is defined using an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence of the threat, a target (or targets) for the threat and a severity score for the (or each) target. See also King-Wilson at ¶ [0022]: The apparatus may be configured to store at least one of the losses and the combined loss in a storage device. The apparatus may be configured to display at least one of the losses and the combined loss on a display device. See also King-Wilson at ¶ [0068].) comprises using a Poisson distribution for frequency and a log-normal distribution for severity (see at least King-Wilson: ¶ [0171] & ¶ [0173-0176]. King-Wilson notes that a Poisson distribution for the number of viruses or attack can be used and a lognormal distribution for the impact of the virus can be employed. A Poisson distribution uses one parameter, for example, the expected number of attacks. Parameter uncertainty can be allowed for through prudent assumptions specified by the user. See also King-Wilson at ¶ [0176]: A total cost can be calculated by multiplying the number of successful viruses or attacks by an assumed cost. The appropriate number of times can be sampled from the lognormal distribution and summed to get the total cost.). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects with the aforementioned teachings of: wherein calculating frequency and severity distributions comprises using a Poisson distribution for frequency and a log-normal distribution for severity, and in further view of King-Wilson, whereby the activity predictor receives the observed threat data from the database, for example by retrieving the data automatically or in response to user instruction, extrapolates future event frequency and produces a profile of predicted threat activity, which includes a list of predicted threats and their expected frequency of occurrence. The predicted threat activity profile may be stored in a database (see at least King-Wilson: ¶ [0070]). Additionally, the system of King-Wilson seeks to provide an improved apparatus for and a method of assessing threat to a computer network or computer networks and that stochastic modelling can help to model the effect of low-frequency, high-impact events when assessing threats involving computer networks. This can be used, for example, in capital modelling, pricing insurance and cost benefit analysis when improving network security (see at least King-Wilson: ¶ [0010-0012]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by King-Wilson, the results of the combination were predictable. Regarding Dependent Claims 3 and 13, Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects teaches the limitations of Independent Claims 1 and 11 above, and King-Wilson further teaches the method / system for optimizing cyber security projects comprising: - wherein the Monte Carlo simulations (see at least King-Wilson: ¶ [0021] & ¶ [0174].) comprise simulating a number of cyber security threat events and simulating severities for each event (see at least King-Wilson: ¶ [0174-0175] & ¶ [0209-0211]. King-Wilson notes that the model control system 51 can be used by a user to view and analyze simulations 53 for any given virus or attack. The user can control the modelling process using instructions 54, which may include, for example, setting whether an allowance should be made for parameter uncertainty. Thus, the user can iteratively change models and so settle upon an appropriate model, for example, the model which is judged to be the most realistic. The model control system 51 can control the threat assessment 11 with little or no real-time user input, e.g. vary inputs in a predefined manner and judge results according to predefined measure. See at least King-Wilson: ¶ [0022] & ¶ [0058-0062] & ¶ [0068]. King-Wilson notes that the severity score (“SeverityScore”) is a measure of the impact of a successful threat. It is not a measure of the prevalence or exposure to the threat, but rather an indication of the damage that would be caused to the target system. Severity score may also be referred to as “damage level”. In this example, the severity score is a value lying in a range between 1 and 10. For example, a value of 1 can represent trivial impact and a value of 10 may represent a catastrophic effect. However, the severity score may be defined as “low”, “medium”, “high” or “critical”. See also King-Wilson at ¶ [0058]: Each observed threat is defined using an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence of the threat, a target (or targets) for the threat and a severity score for the (or each) target. See also King-Wilson at ¶ [0022]: The apparatus may be configured to store at least one of the losses and the combined loss in a storage device. The apparatus may be configured to display at least one of the losses and the combined loss on a display device. See also King-Wilson at ¶ [0068].) to calculate aggregate losses (see at least King-Wilson: ¶ [0022] & ¶ [0082-0084].) It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects with the aforementioned teachings of: wherein the Monte Carlo simulations comprise simulating a number of cyber security threat events and simulating severities for each event to calculate aggregate loss, and in further view of King-Wilson, whereby a stochastic model for low frequency/high impact events is used. This involves specifying probability distributions for the number of events and the impact of each of those events. A Poisson distribution for the number of viruses or attack can be used and a lognormal distribution for the impact of the virus can be employed. A Poisson distribution uses one parameter, for example, the expected number of attacks. Parameter uncertainty can be allowed for through prudent assumptions specified by the user. The model can be implemented using a Monte Carlo simulation. This involves generating thousands of scenarios of what may happen and then calculating summary statistics from the results (see at least King-Wilson: ¶ [0173-0175]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by King-Wilson, the results of the combination were predictable. Regarding Dependent Claims 4 and 14, Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects teaches the limitations of Independent Claims 1 and 11 above, and Rivera further teaches the method / system for optimizing cyber security projects comprising: - wherein computing redundancy and synergy coefficients comprises calculating weighted averages based on weights of individual project costs within a portfolio of project costs (see at least Rivera, Gilberto, et al: Figs. 2-3 & Page 421 & Pages 423-425. Rivera teaches that Negative synergy on objective values: The benefit of two or more projects decreases when are together. For example, a project A that benefits to 100 people and a Project B benefiting 200 people. But if there are 50 people in common between both projects, the benefit of supporting both projects is 250 people instead of 300 as expected. Redundancy: Two projects can not be supported simultaneously. For example, a Project A: Building a hospital, and a Project B: building a school. But if the hospital needs to be built on the same ground that the school, only one of them can receive budget. Decrease in the cost: Two projects decrease the costs if both are supported simultaneously. For example, a project A: has a total cost of 250 monetary units, of which uses 100 to buy expensive computer equipment, and a Project B: it has a cost of 200 monetary units and also need to use similar equipment. If possible, and both projects have no problem sharing the common resource, the cost of financing both resources is 350 monetary units instead of 450 as expected. Presenting a large set of solutions will complicate the decision process of the DM, even if the solutions found belong to the Pareto front, moreover finding a single function that matches the DM’s preference, such as a weighted sum, is not simple and nor guaranteed for real problems. See also Rivera at Page 423: RPM has an algorithm that develops a comprehensive search with dynamic programming to find all optimal portfolios, which then are indexed according to the DM’s criteria through a weighted sum of the objectives. The synergy is handling by means of adding artificial projects and extra redundancy relations. See also Rivera at Pages 424-425: Rivera teaches that the benefit function is shown in Formula 13, where x is the current portfolio, i is the candidate project for being added to x, ηi is known as local knowledge, and is a measure of benefit of the project i, τi,j is the pheromone between projects i and j, and w is a weight factor between local knowledge and the pheromone. Examiner notes that the pheromone is modeled as a two-dimensional matrix with a size N×N, where N is the total of projects, so τ has two entries. τi,j is the preference of having the projects i and j in the same portfolio.) It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects with the aforementioned teachings of: wherein computing redundancy and synergy coefficients comprises calculating weighted averages based on weights of individual project costs within a portfolio of project costs, and in further view of Rivera, whereby several algorithms have been developed to solve SPP with synergy, which range from deterministic heuristic algorithms to more sophisticated metaheuristic techniques. The options in the handling of synergy have been basically two: 1) Modifying the Multi-objective evaluation function and 2) Adding artificial projects representing the synergic group, and then add redundancy relations that prevent the artificial project appears at the same portfolio that some project of that group (see at least Rivera: [on Page 423]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by King-Rivera, the results of the combination were predictable. Regarding Dependent Claims 5 and 15, Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects teaches the limitations of Independent Claims 1 and 11 above, and Rivera further teaches the method / system for optimizing cyber security projects comprising: - wherein the optimization programming problem algorithm (see at least Rivera, Gilberto, et. al: Page 421 & Pages 423-425. Rivera teaches that P-ACO (Pareto Ant Colony Optimization) is an algorithm based on the known metaheuristic of Ant Colony to generate the Pareto front with the most efficient portfolios. Each ant generates a candidate portfolio, and the amount of pheromone deposited by such ant is inversely proportional to the number of solutions that dominate it. The algorithm stores the solutions that have never been dominated, which form an approximation of the Pareto front. P-ACO is able to deal with the synergy between projects, salient characteristic in the algorithm. The algorithm only considers the handling of synergy between groups of two projects. No consideration is made about the DM’s preferences and the synergy is handling by modifying the multi-objective function.) comprises a Knapsack algorithm (see at least Rivera, Gilberto, et. al: Page 418 & Page 421 & Pages 423-425. Rivera teaches providing the means of algorithms pertaining to the social portfolio problem (SPP), also pareto ant colony optimization (ACO) algorithm, robust portfolio modeling algorithm, scatter search for project portfolio selection and deterministic heuristic algorithms shown at Pages 423-424.) that selects projects subject to budget constraints (see at least Rivera: Page 419-421 & Page 424. Rivera notes that it is also common that projects are associated with some form of grouping that influences the decision of the DM. For example, in a private company, projects may be associated to departments (e.g. marketing, sales, production or human resources), in this case a balanced DM would try to ensure a minimum of the total budget for each, and would prevent either of them unjustifiably monopolizes most of the budget. Let Li and Ui be respectively the minimum and maximum budget that an area I can get (Li ≤ Ui ≤ B). The area for a project i may be defined as ai. For each area j, any portfolio x must satisfy the constraint. See also Rivera at Page 421: Two projects cannot be supported simultaneously. For example, a Project A: Building a hospital, and a Project B: building a school. But if the hospital needs to be built on the same ground that the school, only one of them can receive budget. Although finding Pareto front is important [4, 9], the problem does not is completely solved [5, 11, 12, 13, 23]. Now the DM will choose which portfolio will be selected to receive the budget. See also Rivera at Page 424: During ACOS-SPP constructing phase, each ant selects a portfolio, choosing project by project until the budget is over. The way for selecting next project to portfolio is named selecting rule.) It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects with the aforementioned teachings of: wherein the optimization programming problem algorithm comprises a Knapsack algorithm that selects projects subject to budget constraints, and in further view of Rivera, whereby based on the provided information a 35 U.S.C. 103 obviousness rejection is supported. The reference teaches optimizing project portfolios under budget constraints using metaheuristics (such as Ant-Colony optimization, Scatter Search, or robust portfolio modeling). It is well-known in the art that a Knapsack algorithm is a foundational combinational optimization technique used specifically for resource allocation under constraints, essentially forming a subset of metaheuristic approaches or a standard alternative for project selection. Modifying the reference to use a Knapsack algorithm is a predictable variation, providing a known solution for maximizing project portfolio value under a budget constraint. The feature “Knapsack algorithm that selects projects subject to budget constraints” is deemed obvious in view of the Rivera reference. The Rivera reference specifically teaches utilizing metaheuristics or scatter search for project portfolio selection to choose projects while adhering to financial budget constraints. The Knapsack algorithm is recognized as a fundamental combinational optimization problem used to select projects by maximizing value without exceeding a budget. A person having ordinary skill in the art (PHOSITA) would find it obvious to apply a Knapsack algorithm to Rivera’s project selection problem because it is a standard, known, and predictable technique for optimizing resource allocation under constraints, offering a simple and effective alternative to more complex heuristic searches (like ant-colony or scatter search) for the same result. The combination merely represents the application of a known technique (Knapsack) to a known problem (project portfolio selection) to yield predictable results (see MPEP § 2143 (g) or see MPEP § 2143 (c)). Alternatively, the Rivera reference discloses the preamble and the function of the claim, specifically: “an optimization programming problem algorithm…. That selects projects subject to budget constraints Rivera reference. The Rivera reference teaches that the optimization algorithm comprises “Ant-Colony optimization algorithm or metaheuristics algorithm or Scatter Search for Project Portfolio Selection” in the Rivera reference. While the reference may not specifically use the term “Knapsack algorithm” for the particular method named, the Knapsack algorithm is a well-known, foundational combinational optimization approach for subset selection under budget constraints. Modifying the selection process of the reference to use a Knapsack algorithm (or a metaheuristic, which is a broader class encompassing various search techniques) to select projects within a budget would be a simple matter of selecting known, interchangeable optimization techniques (e.g., swapping a genetic algorithm a type of metaheuristic, for a greedy solver on a knapsack algorithm) to solve a standard resource allocation problem. Therefore, it would have been obvious to a PHOSITA to apply a Knapsack algorithm to the portfolio selection problem outlined in the reference, as it represents a known, logic substitution of one optimization method for another in the same field of endeavor (see MPEP § 2143 (b)). The Knapsack algorithm is a foundational, well-known technique in combinatorial optimization for solving project portfolio selection problems under budgetary constraints. The reference teaches using metaheuristics to solve such constraints. Applying a Knapsack algorithm, instead of the metaheuristics mentioned in the reference, is a mere substitution of known optimization techniques. A person of ordinary skill in the art (POSITA) would have found it obvious to use a Knapsack algorithm to achieve the known, intended goal of selecting an optimal set of projects under budget restrictions. The claimed limitation represents a routine optimization choice, yielding predictable results (the optimal selection of projects), thus making the substitution obvious (see MPEP § 2143 (f)). Regarding Dependent Claims 6 and 16, Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects teaches the limitations of Independent Claims 1 and 11 above, and Rivera further teaches the method / system for optimizing cyber security projects comprising: - wherein the subset of cyber security related projects (see at least Rivera: Page 419 & Page 421. Rivera notes that from a set of all proposed projects competing for resources, denoted as X, a portfolio may be defined as a subset of them. This work presents an Ant Colony Optimization (ACO) Algorithm that searches a Pareto frontier subset that matches the DM’s criteria for selecting a portfolio.) comprises projects selected to maximize expected loss reduction subject to a budget constraint (see at least Rivera: [abstract] & Pages 419-420. Rivera teaches that Social Portfolio Problem (SPP) consists in identifying one or more portfolios that Solve Formula 6 subject to the constraints expressed in Equations 1 and 2. In this case, the maximization concept is based on Pareto efficiency. In this case, the dimension of its solution space is 2N, and if taken into account additional considerations such as synergy, partial support, project scheduling or risky conditions, the problem complexity and the number of possible solutions tend to increase. See also Rivera at [abstract]: With a number of candidate projects bigger than those ones that can be funded, the organization faces the problem of selecting a portfolio of projects that maximizes the expected benefits. The selection is made on the evaluation of project groups and not on the evaluation of single projects. See also Rivera at [0419]: Let Li and Ui be respectively the minimum and maximum budget that an area i can get (Li ≤ Ui ≤ B). The area for a project i may be defined as ai. For each area j, any portfolio x must satisfy the constraint: Formula 2.). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects with the aforementioned teachings of: wherein the subset of cyber security related projects comprises projects selected to maximize expected loss reduction subject to a budget constraint, and in further view of Rivera, the Rivera reference explicitly teaches a method of financial optimization to select projects for risk mitigation under a budget. Using a known optimization technique (maximizing loss reduction within a budget) on a specific type of project (cybersecurity) is a routine application of known tools to a new area. The known work of prioritizing, evaluating, and selecting projects to maximize loss reduction would prompt variations of it for use in cybersecurity risk management, as the "design incentives" of optimizing risk mitigation budgets are identical to those found in general business management (see MPEP § 2143 (f)). The application of financial optimization models (e.g., calculating expected loss reduction) to cybersecurity risks would have yielded a predictable result—namely, a prioritized list of cyber investments that maximizes security outcomes within a constrained budget. While the reference may not specifically use the term "cyber security," the limitation "projects selected to maximize expected loss reduction subject to a budget constraint" is fully taught in the context of risk management. Replacing "general risk" with "cybersecurity risk" is a simple substitution of one subject for another [Rationale B] or applying a known technique (financial modeling) to a known area of risk (cyber) [Rationale D]. Regarding Dependent Claims 7 and 17, Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects teaches the limitations of Independent Claims 1 and 11 above, and Rivera further teaches the method / system for optimizing cyber security projects comprising: - wherein the subset of cyber security related projects (see at least Rivera: Page 419 & Page 421. Rivera notes that from a set of all proposed projects competing for resources, denoted as X, a portfolio may be defined as a subset of them. This work presents an Ant Colony Optimization (ACO) Algorithm that searches a Pareto frontier subset that matches the DM’s criteria for selecting a portfolio.) comprises projects having positive expected loss reduction values after accounting for redundancy and synergy effects (see at least Rivera: Figs. 2-3 & Page 420-421 & Page 426. Rivera teaches that interactions between projects may affect the evaluation of portfolios. Among synergy types to be found are Synergy positive on objective values. When two or more projects are complemented for increasing profits. For example, a Project A: creating a recreational park, and a Project B: Paving a road. Each one individually benefits certain amount of people, but if the recreation park (project A) is on the road to be paved (project B) both increase their value. The park becomes more accessible to people, and increase the number of persons that use the road. See also Rivera at Page 426: Addressed synergy types: Redundancy and synergy in objective functions (negative and positive). For instances of 25 projects, there are between three and six synergetic relations; for instances of 100 projects, between 12 and 24.) It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera / Robin method / system for optimizing cyber security projects with the aforementioned teachings of: wherein the subset of cyber security related projects comprises projects having positive expected loss reduction values after accounting for redundancy and synergy effects, and in further view of Rivera, the primary difference is that the Rivera reference teaches generic projects, while the claim specifies cybersecurity-related projects. "When there is a design need or market pressure to solve a problem and there are a finite number of identified, predictable solutions, a person of ordinary skill has good reason to pursue the known options within his or her technical grasp." KSR Int'l Co. v. Teleflex Inc., 550 U.S. 398 (2007). Given the increasing need for cyber security, selecting a subset of IT security projects to optimize loss reduction is a known problem with a finite number of solutions (e.g., risk analysis modeling). The Rivera reference teaches that applying loss reduction, redundancy, and synergy calculations to a subset of projects yields a "positive expected loss reduction" (a predictable result). Applying this well-known, predictable mathematical/risk-management approach to the field of cyber security projects would have been "obvious to try" with a reasonable expectation of success (see MPEP § 2143 (e)). Alternatively, the Rivera reference teaches maximizing value/reducing loss in projects via synergy/redundancy analysis. Selecting cybersecurity projects for this analysis is a known optimization technique. It is optimization of a known result (positive expected loss reduction) by applying it to a specific, relevant category of projects (cybersecurity). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to take the known method of identifying a subset of projects with positive expected loss reduction (accounting for synergy/redundancy) from [Rivera Reference] and apply it to cybersecurity-related projects to achieve the predictable result of positive expected loss reduction in a cybersecurity context (see MPEP § 2143 (g)). The claimed invention is specifically directed to "cybersecurity related projects," whereas reference Rivera teaches projects generally. It would have been obvious to a Person Having Ordinary Skill in The Art (PHOSITA) to apply the project selection method of reference Rivera to cybersecurity projects, as known work in project management is readily applicable to the domain of cybersecurity risk management. Given the rising importance of cybersecurity, applying established portfolio optimization techniques—which account for redundancy and synergy—to maximize positive expected loss reduction in cybersecurity initiatives is a logical application of known techniques, yielding predictable results (see MPEP § 2143 (f)). 13. Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub (US 2018/0322292 A1) hereinafter Tedeschi, in view of US PG Pub (US 2016/0197953 A1) hereinafter King-Wilson, in view of NPL Document: "Handling of synergy into an algorithm for project portfolio selection." Recent Advances on Hybrid Intelligent Systems. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. 417-430, hereinafter Rivera, Gilberto, et al., in view of US PG Pub (US 2005/0114829 A1) hereinafter Robin et. al., and in further view of US PG Pub (US 2018/0302306 A1) hereinafter Carroll, et. al. Regarding Dependent Claims 8 and 18, Tedeschi / King-Wilson / Rivera / Robin method / system of optimizing cyber security projects does not explicitly disclose, but Carroll in the analogous art for optimizing cyber security projects does disclose the following: - wherein the subset of cyber security related projects (see at least Carroll: ¶ [0011] & ¶ [0080] & ¶ [0219-0221]. Carroll teaches that the example computing environment is implemented as part of a test bed project for cybersecurity research and development, which can simulate enterprise computing environments, including virtual users that perform activities and interact with other entities in the environment. See also Carroll at ¶ [0011]: The network analysis tool identifies subsets of network assets that have similar network behavior based on a measure of similarity or dissimilarity between pairs of the frequent item sets.) excludes projects having redundancy coefficients exceeding a threshold (see at least Carroll: ¶ [0071] & ¶ [0124] & ¶ [0219-0221] & ¶ [0278]. Carroll notes that to determine multi-hop network dependencies, the network analysis tool can determine whether a peak exists in the cross-correlation coefficients. That is, after correlation coefficients for all lags have been calculated, the network analysis tool can detect peaks in one of several ways. In one approach, the network analysis determines a maximum value of the correlation coefficients and checks whether the maximum value is above a peak threshold. If so (maximum value satisfies the peak threshold), a peak is considered to exist. Otherwise, a peak is not considered to exist. See also Carroll at ¶ [0124]: The network analysis tool can also perform data deduplication to remove redundant flow records. See also Carroll at ¶ [0219-0221]: The pairs AB, AD, and CD are present within the time interval. Other pairs are not present. The matrix includes redundant values (above the diagonal or below the diagonal), which need not be counted. Alternatively, the co-occurrence matrix includes count values for the respective pairs of possible letters in a time interval, as shown in the following simplified example. Again, the matrix includes redundant values (above the diagonal or below the diagonal), which need not be counted.). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera / Robin method / system of optimizing cyber security projects for at least in part automating remediation in an enterprise system with the aforementioned teachings of: wherein the subset of cyber security related projects excludes projects having redundancy coefficients exceeding a threshold, and in further view of Carroll, whereby the network analysis tool can update its assessment of dependencies between network assets on a near-real-time basis, using network flow information from a recent time period to give a near-current perspective on the state of a computer network. By reacting to network changes, this can further improve the quality and speed of decision-making processes based on the identified dependencies (see at least Carroll: ¶ [0255). Also through input to a graphical user interface, an analyst (user) can select network assets, combinations of network assets, or dependencies that should be ignored in subsequent analysis because such network assets, combinations, dependencies, etc. represent “false positives” in the output. Or, as another example, through input to a graphical user interface, the analyst (user) can select network assets, combinations of network assets, or dependencies that should get extra attention, weight or detail in subsequent analysis because such network assets, combinations, dependencies, etc. are of particular interest to the analyst, or are confirmed to be part of meaningful results. The reinforcement learning module (220) can also tune control parameters based on feedback from within the network analysis tool (210), e.g., based on thresholds defined so as to remove from consideration events that are insignificant or are outliers (see at least Carroll: ¶ [0071].) Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by Carroll, the results of the combination were predictable. 14. Claims 9-10 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over US PG Pub (US 2018/0322292 A1) hereinafter Tedeschi, in view of US PG Pub (US 2016/0197953 A1) hereinafter King-Wilson, in view of NPL Document: "Handling of synergy into an algorithm for project portfolio selection." Recent Advances on Hybrid Intelligent Systems. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. 417-430, hereinafter Rivera, Gilberto, et al., in view of US PG Pub (US 2005/0114829 A1) hereinafter Robin et. al., and in further view of US PG Pub (US 2018/0167414 A1) hereinafter O’Reilly. Regarding Dependent Claims 9 and 19, Tedeschi / King-Wilson / Rivera / Robin method / system of optimizing cyber security projects does not explicitly disclose, but O’Reilly in the analogous art for optimizing cyber security projects does disclose the following: - wherein the subset of cyber security related projects comprises projects selected based on utility values that aggregate multiple dimensions including financial and non-financial aspects (see at least O’Reilly: ¶ [0036] & ¶ [0041] & ¶ [0084] & ¶ [0099]. O’Reilly teaches that score(s) to generate query scripts based upon organizational data, utility, and compliance requirements. Specifically, the suggestion engine generates a series of questions (cognitive scripts) concerning compliance status in order to identify where the system under evaluation 98 stands at a more granular level with respect to the cybersecurity controls. See also O’Reilly at ¶ [0031]: The profile information may include, but is not limited to, revenue of the organization, budget for the organization, sector of the organization, and/or number of Information Security Professionals employed at the organization. See also O’Reilly at ¶ [0041]: The cybersecurity scoring and recommendation system 99 may then capture information from this data, in order to model utility functions, and provide tailored strategies for improving compliance. See also O’Reilly at ¶ [0084]: The dashboard view 198 may further include a navigational bar 201 that enumerates the system utilities and optimizations provided by the cybersecurity scoring and recommendation system 99 to an authorized user. The authorized user may select the optimizations tab to view the results of a cost versus impact algorithm that projects to a target score. See also O’Reilly at ¶ [0099] & Fig. 6B: Graphical interface 243 may provide a Pareto Efficient frontier optimization based upon cost, risk, and other variables to an authorized user. Text block 244 is a header that indicates that the authorized user should enter values associated with the organizational utility for the system under evaluation 98 so that the Gap between the current score and target score may be optimized according to one or more embodiments described herein. For example, the user may provide values for categories 245 that include, but are not limited to, “Risk,” “Cost,” “People,” Process,” and “Technology.” See also O’Reilly noting Fig. 6B and ¶ [abstract].). It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the teachings of Tedeschi / King-Wilson / Rivera / Robin method / system of optimizing cyber security projects for at least in part automating remediation in an enterprise system with the aforementioned teachings of: wherein the subset of cyber security related projects comprises projects selected based on utility values that aggregate multiple dimensions including financial and non-financial aspects, and in further view of O’Reilly, whereby the cyber security system is provided that sums and scores one or more cybersecurity controls for different client computing systems that each have different attributes, needs, and interests. In addition, the cybersecurity system provides to each different client computing system auto-suggestions that suggest one or more ways in which the client computing system may improve the confidentiality, integrity, and availability of the information stored on the client computing system and/or improve the confidentiality, integrity, and availability of the underlying characteristics of the client computing system. In addition, the cybersecurity system verifies that the functioning of the client computing system has improved (see at least O’Reilly: ¶ [abstract]). Further, the claimed invention is merely a combination of old elements in a similar field of optimizing cyber security projects, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that, given the existing technical ability to combine the elements as evidenced by O’Reilly, the results of the combination were predictable. Regarding Dependent Claims 10 and 20, Tedeschi / King-Wilson / Rivera / Robin / O’Reilly method / system of optimizing cyber security projects teaches the limitations of Claims 1, 9, 11 and 19 above, and O’Reilly further teaches the method / system of optimizing cyber security projects comprising: - wherein the multiple dimensions comprise one or more of financial aspects, knowledge gained, environmental impacts, or social impacts of the cyber security related projects, or any combination thereof (see at least O’Reilly: ¶ [0029] & ¶ [0084-0087] & ¶ [0100]. O’Reilly notes that knowledge is collected, anonymized, and stored 180 for use by system services within the cybersecurity scoring and recommendation system 99. See also O’Reilly at ¶ [0084]: The authorized user may select the optimizations tab to view the results of a cost versus impact algorithm that projects to a target score. See also O’Reilly at ¶ [0087] & Fig. 4B: More specifically, and with reference to the exemplary and detailed spider chart 205 as depicted in FIG. 4B, the 18 control families include: Access Control, Audit and Accountability, Awareness and Training, Security Assessment and Authorization, Configuration Management, Contingency Planning, Identification and Authentication, Incident Response, Maintenance, Media Protection, Physical and Environmental Protection, Planning, Personnel Security, Risk Assessment, System and Services Acquisition, System and Communications Protection, System and Information Integrity, and Program Management. See also O’Reilly at Fig. 6B: O’Reilly notes cost 245 at Fig. 6B and efficient frontier which are financial or econometric measurements which are referred to as financial aspects. See also O’Reilly at ¶ [0100]: Organizations evaluate the likelihood and impact of cyber events (threats, breaches, exfiltration, reputational damage, and vulnerabilities) and compute: L×I per control (where L is likelihood, and I is Impact). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DERICK HOLZMACHER whose telephone number is (571) 270-7853. The examiner can normally be reached on Monday-Friday 9:00 AM – 6:30 PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Epstein can be reached on 571-270-5389. The fax phone number for the organization where this application or proceeding is assigned is 571-270-8853. Information regarding the status of an application may be obtained from Patent Center. Status information for published applications may be obtained from Patent Center. Status information for unpublished applications is available through Patent Center for authorized users only. Should you have questions about access to Patent Center, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /DERICK J HOLZMACHER/Patent Examiner, Art Unit 3625A /BRIAN M EPSTEIN/Supervisory Patent Examiner, Art Unit 3625
Read full office action

Prosecution Timeline

Mar 04, 2024
Application Filed
Jul 30, 2025
Non-Final Rejection — §101, §103, §DP
Oct 29, 2025
Applicant Interview (Telephonic)
Oct 29, 2025
Examiner Interview Summary
Dec 02, 2025
Response Filed
Apr 04, 2026
Final Rejection — §101, §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12586015
RESOURCE-RELATED FORECASTING USING MACHINE LEARNING TECHNIQUES
2y 5m to grant Granted Mar 24, 2026
Patent 12561708
SYSTEMS AND METHODS FOR PREDICTING CHURN IN A MULTI-TENANT SYSTEM
2y 5m to grant Granted Feb 24, 2026
Patent 12499404
SYSTEM AND METHOD FOR QUALITY PLANNING DATA EVALUATION USING TARGET KPIS
2y 5m to grant Granted Dec 16, 2025
Patent 12493838
Translation Decision Assistant
2y 5m to grant Granted Dec 09, 2025
Patent 12450541
SYSTEMS AND METHODS FOR PROVIDING TIERED SUBSCRIPTION DATA STORAGE IN A MULTI-TENANT SYSTEM
2y 5m to grant Granted Oct 21, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
44%
Grant Probability
73%
With Interview (+28.4%)
3y 3m
Median Time to Grant
Moderate
PTA Risk
Based on 270 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month