What describes the impact of false-positive alerts compared to false-negative alerts?
A. A false negative is alerting for an XSS attack. An engineer investigates the alert and discovers that an XSS attack happened. A false positive is when an XSS attack happens and no alert is raised.
B. A false negative is a legitimate attack triggering a brute-force alert. An engineer investigates the alert and finds out someone intended to break into the system. A false positive is when no alert and no attack is occurring.
C. A false positive is an event alerting for a brute-force attack. An engineer investigates the alert and discovers that a legitimate user entered the wrong credential several times. A false negative is when a threat actor tries to brute-force attack a system and no alert is raised.
D. A false positive is an event alerting for an SQL injection attack. An engineer investigates the alert and discovers that an attack attempt was blocked by IPS. A false negative is when the attack gets detected but succeeds and results in a breach.
False positives and false negatives are terms used to describe the accuracy of security alerts. A false positive occurs when a security system incorrectly identifies benign activity as malicious, leading to unnecessary investigation and potential disruption of legitimate activities. Conversely, a false negative happens when a security system fails to detect actual malicious activity, allowing the attackers to proceed undetected. The impact of false positives is generally wasted time and resources investigating non-issues, while the impact of false negatives can be much more severe, potentially leading to undetected breaches and significant damage.
References: The CBROPS curriculum covers the concepts of false positives and false negatives in the context of security monitoring and alerting systems.