I’d like to discuss a few things around the classification of data types coming through a firewall or security device. I think pretty much everyone knows the slang of false positives, but there are in fact four types.
- True Positive – means an action was taken that was true and accurate
- True Negative – means the security control has not acted, because there was no activity
- False Positive – means a security control acted based on a threat, but it was an error
- False Negative – means the security control didn’t act even though there was a threat
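
As an added example (not from the original post), the four outcomes can be tallied per rule once an analyst has labelled each event; the log format, field names and rule names below are constructed, and `block` is assumed to be the only action that counts as the control acting. It goes slightly beyond the list by deriving the false positive and false negative rates from the counts.

```python
from collections import Counter, defaultdict

# Constructed sample: action = what the control did, verdict = analyst label.
SAMPLE_LOG = """\
action=block rule=sqli verdict=malicious
action=block rule=sqli verdict=benign
action=allow rule=sqli verdict=benign
action=allow rule=sqli verdict=malicious
action=block rule=portscan verdict=malicious
action=allow rule=portscan verdict=benign
action=block rule=geoip verdict=benign
action=block rule=geoip verdict=benign
action=allow rule=geoip verdict=benign
"""

def parse_line(line):
    """Split 'k=v k=v' into a dict; tokens without '=' are skipped."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def classify(acted, threat):
    """Map (control acted?, real threat?) to one of the four outcomes."""
    if acted:
        return "TP" if threat else "FP"
    return "FN" if threat else "TN"

def tally_by_rule(log_text):
    """Count TP/TN/FP/FN per rule; lines missing a required field are skipped."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not {"action", "rule", "verdict"} <= rec.keys():
            continue
        acted = rec["action"] == "block"        # assumption: only block = acted
        threat = rec["verdict"] == "malicious"
        counts[rec["rule"]][classify(acted, threat)] += 1
    return counts

def error_rates(c):
    """Return (false positive rate, false negative rate); None if undefined."""
    benign, threats = c["FP"] + c["TN"], c["FN"] + c["TP"]
    return (c["FP"] / benign if benign else None,
            c["FN"] / threats if threats else None)

if __name__ == "__main__":
    for rule, c in tally_by_rule(SAMPLE_LOG).items():
        print(rule, dict(c), error_rates(c))
```

A rule such as the constructed `geoip` one, which never saw a real threat, has no defined false negative rate, so the function returns `None` for it instead of a misleading zero.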