False Positives and False Negatives
A few more definitions:
- Detection is the action of finding out whether something undesirable happenned.
- Prevention is the action of not allowing something undesirable to happen in the first place.
- A Response is an action that we (users, data owners, system admins, organizations, etc.) take to address the consequences of the undesirable event.
The detection results of a security system (e.g., a firewall or IDS) fall into the following four cases:
- True Positive: When a system labels an item as 'infected', and it was indeed infected.
- False Positive: When a system labels an item as 'infected', but it was actually uninfected/benign.
- True Negative: When a system doesn't detect anything bad, and it was indeed uninfected/benign.
- False Negative: When a system doesn't detect anything bad, but the item was unfortunately infected/malicious.
False Positive cases lead to loss of data, efficiency, and time, while False Negative cases can harm data and the system.
These notes by Miriam Briskman are licensed under CC BY-NC 4.0 and based on sources.