ADVANCED CYBERSECURITY SYSTEMS FOR INFRASTRUCTURE AND NETWORK VULNERABILITY ANALYSIS

§101 §102 §112

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Claims 1-23 are presented for examination. Claims 1-15 are elected for examination. Claims 1-15 are rejected. Claims 16-23 are withdrawn. Examiner requests to cancel the withdrawn clams. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea (35 U.S.C. 101 Judicial Exception) without significantly more. The claims recite conducting cybersecurity analysis, comprising: “model creation”, “model analysis”, and “model reporting” which are directed to the abstract idea of mental processes. This judicial exception is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements, when considered separately and in combination, do not add significantly more to the abstract idea, as they are well-understood, routine, conventional computer functions as recognized by the courts. Based upon consideration of all the relevant factors with respect to the claimed invention as a whole, the claims are determined to be directed to an abstract idea without significantly more. The rationale for this determination is explained infra: The following are Principles of Law: A patent may be obtained for “any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof”; 35 U.S.C. § 101. The Supreme Court has consistently held that this provision contains an important implicit exception: laws of nature, natural phenomena, and abstract ideas are not patentable; See Alice Corp. v. CLS Bank Int’l, 134 S. Ct. 2347, 2354 (2014); Gottschalk v. Benson, 409 U.S. 63, 67 (1972) (“Phenomena of nature, though just discovered, mental processes, and abstract intellectual concepts are not patentable, as they are the basic tools of scientific and technological work.”). Notwithstanding that a law of nature or an abstract idea, by itself, is not patentable, an application of these concepts may be deserving of patent protection; See Mayo Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1293–94 (2012). In Mayo, the Court stated that “to transform an unpatentable law of nature into a patent-eligible application of such a law, one must do more than simply state the law of nature while adding the words ‘apply it.’” Mayo, 132 S. Ct. at 1294 (citation omitted). In Alice, the Court reaffirmed the framework set forth previously in Mayo “for distinguishing patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications of these concepts.” Alice, 134 S. Ct. at 2355. The test for determining subject matter eligibility requires a first step of determining whether the claims are directed to a process, machine, manufacture, or composition of matter. If the claims are directed to one of the four patent-eligible subject matter categories, then the Examiner must perform a two-part analysis to determine whether a claim that is directed to a judicial exception recites additional elements that amount to significantly more than the exception. The first part of the second step in the analysis is to “determine whether the claims at issue are directed to one of those patent-ineligible concepts.” Id. If the claims are directed to a patent-ineligible concept, then the second part of the second step in the analysis is to consider the elements of the claims “individually and ‘as an ordered combination”’ to determine whether there are additional elements that “‘transform the nature of the claim’ into a patent-eligible application.” Id. (quoting Mayo, 132 S. Ct. at 1298, 1297). In other words, the second step in the analysis is to “search for an ‘inventive concept’‒ i.e., an element or combination of elements that is ‘sufficient to ensure that the patent in practice amounts to significantly more than a patent on the [ineligible concept] itself.’” Id. (brackets in original) (quoting Mayo, 132 S. Ct. at 1294). The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.” Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted). The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’” Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294). In the “2019 Revised Patent Subject Matter Eligibility Guidance” (2019 PEG), the USPTO has prepared revised guidance for use by USPTO personnel in evaluating subject matter eligibility based upon rulings by the courts. The Examiner is bound by and applies the framework as set forth by the Court in Mayo and reaffirmed by the Court in Alice and follows the 2019 PEG for determining whether the claims are directed to patent-eligible subject matter. Step 1: Are the claims at issue directed to a process, machine, manufacture, or composition of matter? The Examiner finds that claims 1-15 are directed to one of the four statutory categories. Step 2A – Prong One: Does the claim recite an abstract idea, law of nature, or natural phenomenon? The Examiner finds that the claims are directed to the abstract idea of “conducting cybersecurity analysis, comprising: “model creation”, “model analysis”, and “model reporting”, which are directed to the abstract idea of mental processes, mathematical concept, and certain methods of organizing human activity — managing interactions/relationships, policies, and compliance. Step 2A – Prong Two: Does the claim recite additional elements that integrate the Judicial Exception into a practical application? The abstract idea is not integrated into a practical application because the generically recited computer elements do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer. In determining whether the abstract idea was integrated into a practical application, the Examiner has considered whether there were any limitations indicative of integration into a practical application, such as: (1) Improvements to the functioning of a computer, or to any other technology or technical field; See MPEP § 2106.05(a) (2) Applying or using a judicial exception to affect a particular treatment or prophylaxis for a disease or medical condition; See Vanda Memo (Recent Subject Matter Eligibility Decision: Vanda Pharmaceuticals Inc. v. West-Ward Pharmaceuticals) (3) Applying the judicial exception with, or by use of, a particular machine; See MPEP § 2106.05(b) (4) Effecting a transformation or reduction of a particular article to a different state or thing; See MPEP § 2106.05(c) (5) Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception; See MPEP § 2106.05(e) and Vanda Memo The Examiner notes that claim features of: conducting cybersecurity analysis, comprising: “model creation”, “model analysis”, and “model reporting” does not improve the functioning of a computer or technical field, do not effect a particular treatment or prophylaxis for a disease or medical condition, do not apply or use a particular machine, do not effect a transformation or reduction of a particular article to a different state or thing, and do not apply or use the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception. Instead, the claim features of conducting cybersecurity analysis, comprising: “model creation”, “model analysis”, and “model reporting” merely use a general-purpose computer as a tool to perform the abstract idea (See MPEP § 2106.05(f)) and merely generally link the use of the abstract idea to a field of use (See MPEP § 2106.05(h)). Thus, the Examiner finds that the claimed invention does not recite additional elements that integrate the Judicial Exception into a practical application. Step 2B: Is there something else in the claims that ensures that they are directed to significantly more than a patent-ineligible concept? The claims, as a whole, require nothing significantly more than generic computer implementation or can be performed entirely by a human. The additional element(s) or combination of element(s) in the claims other than the abstract idea per se amount to no more than recitation of generic cybersecurity structure that serves to perform generic model that are well-understood, routine, and conventional activities previously known to the pertinent industry. Furthermore, the claimed invention does not have a specific asserted improvement in computer capabilities, nor is it a specific implementation of a solution to a problem in the software arts; See Enfish, LLC v. Microsoft Corp., 822 F.3d 1327 (Fed. Cir. 2016). Rather, the claims are merely directed towards the abstract idea of “model creation”, “model analysis”, and “model reporting”, which is similar to ideas that the courts have found to be abstract, as noted supra, and the claims are without a “practical application” or anything “significantly more”. Considering each of the claim elements in turn, the function performed by the computer system at each step of the process does no more than require a generic computer to perform a well-understood, routine, and conventional activity at a high level of generality. The prohibition against patenting an abstract idea “cannot be circumvented by attempting to limit the use of the formula to a particular technological environment or adding insignificant post-solution activity.” Bilski v. Kappos, 561 U.S. 593, 610–11 (2010) (citation and internal quotation marks omitted). The Court in Alice noted that “[s]imply appending conventional steps, specified at a high level of generality,” was not “enough” [in Mayo] to supply an “‘inventive concept.’” Alice, 134 S. Ct. at 2357 (quoting Mayo, 132 S. Ct. at 1300, 1297, 1294). Viewed as a whole, the claims simply recite the steps of using generic computer components. The claims do not purport, for example, to improve the functioning of the computer system itself. Nor does it affect an improvement in any other technology or technical field. Instead, the claims amount to nothing significantly more than an instruction to implement the abstract idea using generic computer components. This is insufficient to transform an abstract idea into a patent-eligible invention. Claim 2 recites “generating virtual representations based on data from a plurality of operational systems; and using a simulation environment to: simulate cyber-attacks on the virtual representations without impacting the physical operational systems; or assess the virtual representations for cybersecurity vulnerabilities based on their characteristics.” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 2, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 3 recites “modifying, at a feedback mechanism, at least one of the virtual representations or simulation parameters based on outcomes from previous simulations to enhance subsequent simulation accuracy and effectiveness; limiting, at an analysis filtering mechanism, what results are analyzed; or limiting, at presentation filtering mechanism, what results are presented to a user.” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 3, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 4 recites “generating, using an automated data collection mechanism, a plurality of virtual representations of systems based on scans of the plurality of operational systems and providing this data in a machine-readable format, where the automated data collection mechanism directs a plurality of pieces of input data at systems to identify potential vulnerabilities; wherein the input data is at least one of: generated using a random or pseudorandom generation process, generated based on configuration files, generated based on system analysis, generated based on adaptive analysis, or generated using another method; wherein the automated data collection mechanism utilizes an interface mechanism to communicate with each system; wherein the automated data collection mechanism assesses multiple types of systems.” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 4, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 5 recites “performing security assessment without causing operational downtime; performing security assessment without causing significant performance degradation; analyzing data to identify potential future security vulnerabilities and attack pathways; analyzing data continuously or near-continuously to identify security vulnerabilities and attack pathways; or leveraging recognized security assessment frameworks to enhance an identification and analysis of vulnerabilities and attack pathways.” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 5, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 6 recites “operating a plurality of computational modules to detect and analyze cybersecurity threats; operating a plurality of computational modules autonomously to detect, analyze, and respond to cybersecurity threats; operating a plurality of computational modules to analyze cybersecurity threats where data exchange among the modules is facilitated via a communication network; operating a plurality of computational modules to analyze cybersecurity threats wherein at least one device executes a search algorithm, such as an iterative deepening search algorithm, to evaluate potential vulnerabilities and attack paths; or operating a plurality of computational modules to analyze cybersecurity threats wherein a continuous operation of an infrastructure is maintained during the cybersecurity analysis.” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 6, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 7 recites “non-invasively collecting data from systems, using data collected from systems, or providing an interface for a user to enter data wherein the systems are at least one of: operational technology systems, functional technology systems, information technology systems, hybrid systems, other systems; analyzing the collected data using algorithms to at least one of: detect potential threats, detect actual threats, or detect vulnerabilities; at least one of: calculating risk scores based on the analysis, updating risk scores based on the analysis, identifying vulnerabilities based on the analysis, identifying risks based on the analysis, identifying attack paths based on the analysis or providing insights to system operators.” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 7, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 8 recites “utilizing multiple computer processing threads to perform this analysis; utilizing at least one of: synchronous or asynchronous communications between processors, two or more processing threads within a common physical processor, two or more processors located within a common computer system, processors located within two or more computer systems, network communications between two or more computing systems or error correction of network communications” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 8, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 9 recites “autonomously making decisions based on the analyzed data; executing penetration testing actions based on these decisions; receiving and processing feedback from the executed actions in real-time or near real-time; at least one of: making a security recommendation to a user, correcting a vulnerability, taking an action based on the feedback to enhance an identification of vulnerabilities, taking an action based on the feedback to enhance a mapping of vulnerabilities, taking an action based on the feedback to enhance an exploitation of vulnerabilities, or adjusting subsequent penetration testing activities” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 9, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 10 recites “wherein this method is used to evaluate cybersecurity tools, comprising: simulating a network environment using synthetic data; applying testing conditions including at least one of: consistent conditions across evaluations, realistic operational conditions, specifically modified conditions, noise-introduced conditions, other conditions; drawing evaluative conclusions based on analysis of the evaluation results under two or more testing conditions; wherein the method provides an adaptable and standardized testing environment for an objective evaluation of cybersecurity tools under realistic conditions” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 10, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 11 recites “applying at least one heuristic, wherein the at least one heuristic includes at least one of: a path termination heuristic that stops processing when an identified condition is met; or a rule running heuristic that stops processing when a specified number of rules have been run” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 11, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 12 recites “incorporating a function that allows a user to specify a common property that is not assessed; incorporating a function that allows a user to specify a common property that is not assessed if it is missing during processing; incorporating a function that allows a user to specify a fact that is not assessed; incorporating a function that allows a user to specify a fact that is not assessed if it is missing during processing; incorporating a function that allows a user to select what rules are run during processing; or incorporating a function that allows a user to select whether post-condition facts are created” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 12, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 13 recites “aggregating data from a plurality of sources; converting the aggregated data into a processing format; analyzing the aggregated data using processing algorithms to identify potential threats” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 13, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 14 recites “calculating risk scores based on the analysis; at least one of: implementing security measures based on the risk scores or recommending security measures based on the risk scores; updating the risk scores and security measures in real-time based on data inputs; wherein: the data relates to at least one of: an organization's employees, an organization's contractors, an organization's vendor staff, an organization's volunteers, an organization's affiliates' workforce, family members of an organization's workforce, associates of an organization's workforce, communications of an organization's workforce, activities of an organization's workforce, interactions between members of an organization's workforce or influences on an organization's workforce; and the organization's workforce includes at least one of employees, contractors, or vendor staff” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 14, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim 15 recites “wherein: the data relates to at least one of: an organization, an organization's business partners, an organization's suppliers, an organization's customers, an organization's affiliates or an organization's extended workforce; and workforce includes at least one of a workforce of organization, a workforce of business partners, a workforce of suppliers, a workforce of customers, or a workforce of affiliates” The claim provides additional limitations that describe mental processes. As result, when additional features of claim 15, when considered alone and in combination, are still directed to an abstract idea which contains nothing significantly more than the judicial exception itself. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 2 recites the limitation " the physical operational systems" in lines 4-5. There is insufficient antecedent basis for this limitation in the claim. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. 4. Claims 1-15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Crabtree et al hereafter Crabtree (US pat. App. Pub. US 20220078210). 5. As per claim 1, Crabtree teaches a method for conducting cybersecurity analysis, the method comprising: model creation; model analysis; and model reporting (paragraphs: 23-24, and 157, wherein it emphasizes that creating a virtual network space model of the network and applying a simulated attack on the virtual network space model of the network under test and notifying that test result). 6. As per claim 2, Crabtree teaches the method further including: generating virtual representations based on data from a plurality of operational systems (paragraph: 23, wherein it describes creating a virtual representation of a network system based on information of the network system); and using a simulation environment to: simulate cyber-attacks on the virtual representations without impacting the physical operational systems; or assess the virtual representations for cybersecurity vulnerabilities based on their characteristics (paragraph: 23, wherein it elaborates that applying a simulated cyber-attack on the virtual representation of the network without affecting the actual physical system). 7. As per claim 3, Crabtree teaches the method, further including at least one of: modifying, at a feedback mechanism, at least one of the virtual representations or simulation parameters based on outcomes from previous simulations to enhance subsequent simulation accuracy and effectiveness (paragraphs: 73, and 175, wherein it deliberates updating the virtual presentations by implementing recommended changes to the networked system based on running iterations through the use of changes in software configurations, access controls, etc. based on the iterated simulation result); limiting, at an analysis filtering mechanism, what results are analyzed; or limiting, at presentation filtering mechanism, what results are presented to a user (paragraphs: 24, 146, wherein it discusses only the results that will be analyzed are the cyberattack strategy sequence and a probability of success of the attack and the defense in each iteration). 8. As per claim 4, Crabtree teaches the method, further including: generating, using an automated data collection mechanism, a plurality of virtual representations of systems based on scans of the plurality of operational systems and providing this data in a machine-readable format, where the automated data collection mechanism directs a plurality of pieces of input data at systems to identify potential vulnerabilities (paragraphs: 23, 142, wherein it describes automated data collection from plurality of virtual representations as input to detect possible vulnerabilities); wherein the input data is at least one of: generated using a random or pseudorandom generation process, generated based on configuration files, generated based on system analysis, generated based on adaptive analysis, or generated using another method (paragraphs: 130-131); wherein the automated data collection mechanism utilizes an interface mechanism to communicate with each system; wherein the automated data collection mechanism assesses multiple types of systems (paragraphs: 73, 136, 175). 9. As per claim 5, Crabtree teaches the method, further including at least one of: performing security assessment without causing operational downtime; performing security assessment without causing significant performance degradation; analyzing data to identify potential future security vulnerabilities and attack pathways; analyzing data continuously or near-continuously to identify security vulnerabilities and attack pathways; or leveraging recognized security assessment frameworks to enhance an identification and analysis of vulnerabilities and attack pathways (paragraphs: 154, and 110, wherein it discusses that analyzing the data to identify potential future security vulnerabilities and attack possibilities). 10. As per claim 6, Crabtree teaches the method, further including at least one of: operating a plurality of computational modules to detect and analyze cybersecurity threats; operating a plurality of computational modules autonomously to detect, analyze, and respond to cybersecurity threats; operating a plurality of computational modules to analyze cybersecurity threats where data exchange among the modules is facilitated via a communication network; operating a plurality of computational modules to analyze cybersecurity threats wherein at least one device executes a search algorithm, such as an iterative deepening search algorithm, to evaluate potential vulnerabilities and attack paths; or operating a plurality of computational modules to analyze cybersecurity threats wherein a continuous operation of an infrastructure is maintained during the cybersecurity analysis (paragraphs, 175, and 142, wherein it elaborates operating computational modules to detect and analyze possible cybersecurity attacks). 11. As per claim 7, Crabtree teaches the method, further including: at least one of: non-invasively collecting data from systems, using data collected from systems, or providing an interface for a user to enter data (paragraphs: 105, and 107); wherein the systems are at least one of: operational technology systems, functional technology systems, information technology systems, hybrid systems, other systems (paragraphs: 23, and 76); analyzing the collected data using algorithms to at least one of: detect potential threats, detect actual threats, or detect vulnerabilities (paragraphs: 142); at least one of: calculating risk scores based on the analysis, updating risk scores based on the analysis, identifying vulnerabilities based on the analysis, identifying risks based on the analysis, identifying attack paths based on the analysis or providing insights to system operators (paragraphs: 120). 12. As per claim 8, Crabtree teaches the method, further including: utilizing multiple computer processing threads to perform this analysis; utilizing at least one of: synchronous or asynchronous communications between processors, two or more processing threads within a common physical processor, two or more processors located within a common computer system, processors located within two or more computer systems, network communications between two or more computing systems or error correction of network communications (paragraphs: 144, and 156). 13. As per claim 9, Crabtree teaches the method, wherein this method is used to perform automated penetration testing of network systems further including: collecting and analyzing data from a network; autonomously making decisions based on the analyzed data; executing penetration testing actions based on these decisions; receiving and processing feedback from the executed actions in real-time or near real-time (paragraphs: 170); at least one of: making a security recommendation to a user, correcting a vulnerability, taking an action based on the feedback to enhance an identification of vulnerabilities, taking an action based on the feedback to enhance a mapping of vulnerabilities, taking an action based on the feedback to enhance an exploitation of vulnerabilities, or adjusting subsequent penetration testing activities (paragraph: 141). 14. As per claim 10, Crabtree teaches the method, wherein this method is used to evaluate cybersecurity tools, comprising: simulating a network environment using synthetic data; applying testing conditions including at least one of: consistent conditions across evaluations, realistic operational conditions, specifically modified conditions, noise-introduced conditions, other conditions; drawing evaluative conclusions based on analysis of the evaluation results under two or more testing conditions; wherein the method provides an adaptable and standardized testing environment for an objective evaluation of cybersecurity tools under realistic conditions (paragraphs: 136, 175). 15. As per claim 11, Crabtree teaches the method, further including applying at least one heuristic, wherein the at least one heuristic includes at least one of: a path termination heuristic that stops processing when an identified condition is met; or a rule running heuristic that stops processing when a specified number of rules have been run (paragraphs: 69, 112). 16. As per claim 12, Crabtree teaches the method, further including at least one of: incorporating a function that allows a user to specify a common property that is not assessed; incorporating a function that allows a user to specify a common property that is not assessed if it is missing during processing; incorporating a function that allows a user to specify a fact that is not assessed; incorporating a function that allows a user to specify a fact that is not assessed if it is missing during processing; incorporating a function that allows a user to select what rules are run during processing; or incorporating a function that allows a user to select whether post-condition facts are created (paragraphs: 22. And 25). 17. As per claim 13, Crabtree teaches the method, further including: aggregating data from a plurality of sources; converting the aggregated data into a processing format; analyzing the aggregated data using processing algorithms to identify potential threats (paragraphs: 23, and 69). 18. As per claim 14, Crabtree teaches the method, further including: calculating risk scores based on the analysis; at least one of: implementing security measures based on the risk scores or recommending security measures based on the risk scores; updating the risk scores and security measures in real-time based on data inputs; wherein: the data relates to at least one of: an organization's employees, an organization's contractors, an organization's vendor staff, an organization's volunteers, an organization's affiliates' workforce, family members of an organization's workforce, associates of an organization's workforce, communications of an organization's workforce, activities of an organization's workforce, interactions between members of an organization's workforce or influences on an organization's workforce; and the organization's workforce includes at least one of employees, contractors, or vendor staff (paragraphs: 120, and 137). 19. As per claim 15, Crabtree teaches the method, wherein: the data relates to at least one of: an organization, an organization's business partners, an organization's suppliers, an organization's customers, an organization's affiliates or an organization's extended workforce; and workforce includes at least one of a workforce of organization, a workforce of business partners, a workforce of suppliers, a workforce of customers, or a workforce of affiliates (paragraphs: 138, and 139). Citation of References 20. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action: Annen et al (US pat. App. Pub. 20220247766): elaborates that a scalable automated training framework for anomaly and ransomware detection are disclosed. In some embodiments, a computer system performs operations comprising: instantiating a plurality of virtual machines, each one of the virtual machines being loaded with a corresponding file system; simulating user actions and ransomware on the virtual machines, the simulating of user actions and ransomware on the virtual machines causing changes to the corresponding file systems of the virtual machines; for each one of the plurality of virtual machines, generating a corresponding metadata file based on one or more corresponding snapshots of the virtual machine, the one or more corresponding snapshots indicating the changes to the corresponding file system of the virtual machine; and training a ransomware detection model using a machine learning algorithm and training data, the training data being based on the corresponding metadata files of the virtual machines. Marsenic et al (US pat. app. Pub. 20230132703): discusses cyber security system includes an importance node module to compute and use graphs to compute an importance of a node based on factors including a hierarchy and a job title of the user, aggregated account privileges from network domains and a level of shared resource access for the user. The graphs are supplied into an attack path modeling component to understand an importance of the network nodes and determine key pathways within the network that a cyber-attack would use, via a modeling the cyber-attack on a simulated and a virtual device version of the network. The cyber security system provides an intelligent prioritization of remediation action to a remediation suggester module to analyze results of the modeling the cyber-attack for each node and suggest how to perform intelligent prioritization of remediation action on a network node in one of a report and an autonomous remediation action. Conclusion 21. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590. The examiner can normally be reached on Monday-Friday 8:30-5:30 ET. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached on 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /MOHAMMAD W REZA/Primary Examiner, Art Unit 2407