I don’t know about you, but when I think of the term “false positive” I think of something that triggered an alert, but isn’t really a threat or compromise of the system being monitored. This usually applies to IDS, IPS, anti-virus, anti-malware, etc.
This is what is referred to by some as a benign trigger, or benign event. It triggers an alert, but usually just means you need to tune the alert system a bit more so it doesn’t trigger in the future on this type of event.
However, if you’re talking about a biometric system, a false positive trigger is a HUGE deal. In this context, it is what is called “false acceptance”. Think about that for a minute: the biometric system has falsely accepted someone. An unknown user who shouldn’t be authenticated has been given access because the system accepted them as an authorized user.
Not good!
Depending on which context you are more familiar with, it is easy to always associate a false positive trigger with a certain type of event. This could come into play when reading notes on various scenarios, or when studying for or taking certification exams.
If you’re not careful to read the full context of the information being presented, you can quickly assume “false positive” is referring to the wrong type of event. For me, I usually default to “benign trigger” as opposed to “the wrong person is given access”.
The point is, though it is a common term, the context in which it is used can determine the actual definition of the term at that time.
This is really something I’m writing down for myself…maybe it can help someone else as well!