
Homework Assignment 7: Dealing With False Positives

Dealing with False Positives

Your Name

School of Computer and Information Sciences, University of the Cumberlands

ISOL632 Business Continuity Planning and Disaster Recovery Planning

Dr. Ronald P. Sperano

Current Date

Table of Contents

Introduction
User Training Required to Deal with False Positives
Balance between Being Overwhelmed with False Positives and the Dangers of Ignoring True Incidents
Effect of False Positives on an Organization
References

Dealing with False Positives

False positives are a routine part of security operations: they are alerts or reports that flag a threat to company systems where none exists. Measures and structures must be in place to address them, which is where incident management becomes crucial. Incident management is central to preventing disruption of normal business operations within an organization (Murdoch, 2019). It depends on user training to achieve maximum impact, because training is what brings staff in line with proper incident-reporting practice. Incident reporting is among the core features that companies have integrated to manage threats and potential issues (Murdoch, 2019), and it is vital that all users share the same understanding of how incidents are reported. The important considerations, therefore, are the nature of the user training and how false positives are dealt with effectively.

User Training Required to Deal with False Positives

The purpose of user training is to enable individuals to determine proficiently which data should be included in investigation reports and to develop an informed understanding of control measures and follow-up. The training should be highly interactive and promote two-way communication between the trainers and the recipients of their knowledge and expertise: users learn from the trainers' industry experience while having a platform to express their own views and ideas (Murdoch, 2019). Workers must be equipped with the knowledge and tools to perform the roles relevant to data security threats and risks. Regular exercises during the course are vital for testing retention and sharpening attention to the process. Users must be trained on the ways in which sensitive data gets compromised and on the adverse outcomes that follow. They need a clear understanding of what protected information is and must be able to identify issues on both physical and digital platforms. The training should also cover the actions that can mitigate an incident once it has been reported (Murdoch, 2019).

Balance between Being Overwhelmed with False Positives and the Dangers of Ignoring True Incidents

In terms of detection rules or logic, a false positive occurs when an event is identified as an incident even though no legitimate threat exists. A false negative is the reverse: a legitimate issue exists, but the rule fails to identify it (Lemay & Leblanc, 2018). The essence of incident reporting is the accurate reporting of the security issues that affect a given organization. False positives and false negatives undermine this process and make it less efficient, because reports in both cases carry consequences. The severity of those consequences depends on the nature of the security issue. Importantly, both false positives and false negatives influence decisions and actions, which in some cases may be detrimental to an organization (Lemay & Leblanc, 2018). This shows why false positives must be handled effectively and why that handling must be balanced against the danger of failing to report real incidents.

The main factor in avoiding being overwhelmed by false positives is identifying such cases, with the goal of eliminating them. Detection rules should be neither too generic nor too specific, so that analysts can make educated decisions based on the data presented. The process should begin with an extensive data set and continually narrow the outcomes through logic (Sol et al., 2016). Because no criterion is exact, analysts must be trained to distinguish a real threat from a false positive. When false positives do occur, analysts must use the intelligence gathered about them to separate them from real threats, and they should add that intelligence to the existing rules so that the same false positives no longer trigger unnecessary alerts (Sol et al., 2016).

A review of the rules should help limit the possibility of generating false positives; a panel of experts can perform this role adequately, and an in-depth examination should minimize false cases. It is also vital to test the rules before they are committed to the production system. Testing evaluates whether a rule is capable of generating false positives, and it takes place without interfering with the business's ongoing operations. If a rule produces false positives, additional iterations should be run: the rule should be modified or split into several more specific rules, and each should be tested again until it no longer returns false positives (Lemay & Leblanc, 2018).
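As an added example (not from the original assignment or from the cited sources), the following Python script shows the rule-tuning and pre-commit testing procedure described in the preceding two paragraphs on constructed sample events: a generic rule for encoded PowerShell commands is scored against labelled events, an over-generic exception is shown to create a false negative, and a narrower exception keyed on known automation (account plus parent process) clears the false positives without losing a detection. The event fields, account names, encoded command fragments and the deployment thresholds are assumptions made for the illustration.

```python
"""Rule-tuning harness: score a detection rule against a labelled event
corpus before committing it, then narrow it until it no longer fires on
known-benign activity without losing real incidents.

All events below are constructed for illustration; they are not real telemetry."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]
Rule = Callable[[Event], bool]

# Constructed process-creation events with analyst ground truth:
# True = confirmed incident, False = benign activity.
EVENTS: List[Tuple[Event, bool]] = [
    ({"user": "alice", "proc": "powershell.exe", "parent": "winword.exe",
      "cmd": "powershell -enc SQBFAFgA..."}, True),
    ({"user": "svc_backup", "proc": "powershell.exe", "parent": "taskeng.exe",
      "cmd": "powershell -enc VwByAGkA..."}, False),   # nightly backup job
    ({"user": "bob", "proc": "powershell.exe", "parent": "explorer.exe",
      "cmd": "powershell -enc SQBFAFgA..."}, True),
    ({"user": "svc_monitor", "proc": "powershell.exe", "parent": "services.exe",
      "cmd": "powershell -enc RwBlAHQA..."}, False),   # monitoring agent
    ({"user": "carol", "proc": "powershell.exe", "parent": "explorer.exe",
      "cmd": "powershell Get-Process"}, False),
    ({"user": "dave", "proc": "cmd.exe", "parent": "explorer.exe",
      "cmd": "cmd /c whoami"}, False),
    ({"user": "eve", "proc": "powershell.exe", "parent": "outlook.exe",
      "cmd": "powershell -enc SQBFAFgA..."}, True),
    # Service account abused from an Office parent: a rule must still alert.
    ({"user": "svc_backup", "proc": "powershell.exe", "parent": "winword.exe",
      "cmd": "powershell -enc SQBFAFgA..."}, True),
]


def rule_v1(e: Event) -> bool:
    """Version 1: generic rule, fires on every encoded PowerShell command line."""
    return e["proc"] == "powershell.exe" and "-enc" in e["cmd"]


def rule_v2_too_generic(e: Event) -> bool:
    """Version 2: exception that is too generic. Suppressing every service
    account silences the backup job but also hides its abuse (last event)."""
    return rule_v1(e) and not e["user"].startswith("svc_")


# Version 3: exception with higher specificity. Only the exact
# (account, parent process) pairs of known automation are suppressed.
KNOWN_AUTOMATION = {("svc_backup", "taskeng.exe"), ("svc_monitor", "services.exe")}


def rule_v3_specific(e: Event) -> bool:
    return rule_v1(e) and (e["user"], e["parent"]) not in KNOWN_AUTOMATION


@dataclass
class Stats:
    tp: int = 0
    fp: int = 0
    fn: int = 0
    tn: int = 0

    @property
    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    @property
    def recall(self) -> float:
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    @property
    def fp_rate(self) -> float:
        return self.fp / (self.fp + self.tn) if self.fp + self.tn else 0.0


def evaluate(rule: Rule, events: List[Tuple[Event, bool]] = EVENTS) -> Stats:
    """Run a rule over labelled events and tabulate the confusion matrix."""
    s = Stats()
    for event, is_incident in events:
        fired = rule(event)
        if fired and is_incident:
            s.tp += 1
        elif fired:
            s.fp += 1
        elif is_incident:
            s.fn += 1
        else:
            s.tn += 1
    return s


def ready_to_deploy(s: Stats, max_fp_rate: float = 0.0, min_recall: float = 1.0) -> bool:
    """Deployment gate (thresholds are assumptions): the false-positive rate
    must be under the limit AND no known incident may be lost."""
    return s.fp_rate <= max_fp_rate and s.recall >= min_recall


if __name__ == "__main__":
    for name, rule in [("v1", rule_v1), ("v2", rule_v2_too_generic), ("v3", rule_v3_specific)]:
        s = evaluate(rule)
        print(f"{name}: {s} precision={s.precision:.2f} recall={s.recall:.2f} "
              f"fp_rate={s.fp_rate:.2f} deploy={ready_to_deploy(s)}")
```

The gate checks recall as well as the false-positive rate on purpose: version 2 reaches a zero false-positive rate but does so by losing a real incident, which is exactly the imbalance the section warns against.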

Organizations should use modern machine learning to address false positives. The crucial component is the capacity to quickly draw insight from new information and adapt accordingly. Fully automated incident response takes on the tasks that consume the most analyst time. The model an organization uses will need to be sensitive to the software profile in use within that organization: it is trained against both a broad set of malware samples and a set of known-good software samples, which should deliver protection with the highest accuracy and the fewest false positives (Sol et al., 2016).
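As an added illustration of the training approach in this paragraph (example code written for this page, not the cited patent's method), the Python below trains a small Bernoulli naive Bayes classifier over sets of imported Windows API names, first on broad malware and benign samples only, then again with the organization's own software profile added to the benign class. An internal patching agent that injects into processes and phones home is flagged as malware by the first model and cleared by the second, while a held-out malware sample is still caught by both. All samples, API name sets and labels are constructed and far smaller than any real training set.

```python
"""Bernoulli naive Bayes over sets of imported API names, trained on broad
malware and benign samples, then retrained with the organisation's own
software profile added to the benign class.

All sample data is constructed for illustration."""
import math
from typing import Dict, Iterable, List, Set, Tuple

Sample = Tuple[Set[str], str]   # (feature set, class label)


class BernoulliNB:
    """Naive Bayes with binary (present/absent) features and add-one smoothing."""

    def __init__(self) -> None:
        self.log_prior: Dict[str, float] = {}
        # class -> feature -> (log P(present | class), log P(absent | class))
        self.log_p: Dict[str, Dict[str, Tuple[float, float]]] = {}

    def fit(self, samples: List[Sample]) -> "BernoulliNB":
        vocab = set().union(*(feats for feats, _ in samples))
        for label in {lbl for _, lbl in samples}:
            members = [feats for feats, lbl in samples if lbl == label]
            self.log_prior[label] = math.log(len(members) / len(samples))
            table = {}
            for feat in vocab:
                p = (sum(feat in feats for feats in members) + 1) / (len(members) + 2)
                table[feat] = (math.log(p), math.log(1.0 - p))
            self.log_p[label] = table
        return self

    def scores(self, features: Iterable[str]) -> Dict[str, float]:
        present = set(features)
        out = {}
        for label, table in self.log_p.items():
            s = self.log_prior[label]
            for feat, (lp, lq) in table.items():
                s += lp if feat in present else lq
            out[label] = s
        return out

    def predict(self, features: Iterable[str]) -> str:
        s = self.scores(features)
        return max(s, key=s.get)


# Constructed "broad" samples: imported API names per binary.
MALWARE: List[Set[str]] = [
    {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "InternetOpenUrlA"},
    {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "RegSetValueExA"},
    {"CryptEncrypt", "FindFirstFileW", "DeleteFileW", "InternetOpenUrlA"},
    {"SetWindowsHookExA", "GetAsyncKeyState", "InternetOpenUrlA", "RegSetValueExA"},
]
BENIGN_PUBLIC: List[Set[str]] = [
    {"CreateFileW", "ReadFile", "WriteFile", "MessageBoxW"},
    {"CreateFileW", "ReadFile", "CloseHandle", "GetModuleHandleW"},
    {"MessageBoxW", "GetModuleHandleW", "LoadLibraryW", "GetProcAddress"},
    {"ReadFile", "WriteFile", "CloseHandle", "CreateProcessW"},
]
# Constructed profile of the organisation's own tooling (a hot-patching
# deployment agent): it injects into processes and talks HTTP, so its
# imports overlap heavily with the malware class.
ORG_BENIGN: List[Set[str]] = [
    {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "InternetOpenUrlA", "CreateFileW"},
    {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "CreateFileW", "WriteFile"},
    {"VirtualAllocEx", "WriteProcessMemory", "InternetOpenUrlA", "CreateFileW", "WriteFile", "GetModuleHandleW"},
    {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "InternetOpenUrlA", "WriteFile", "CloseHandle"},
]
ORG_INTERNAL_TOOL = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
                     "InternetOpenUrlA", "CreateFileW", "WriteFile"}
HELD_OUT_MALWARE = {"SetWindowsHookExA", "GetAsyncKeyState", "RegSetValueExA", "WriteProcessMemory"}


def train_public() -> BernoulliNB:
    """Model trained only on the broad malware/benign corpus."""
    return BernoulliNB().fit([(f, "malware") for f in MALWARE]
                             + [(f, "benign") for f in BENIGN_PUBLIC])


def train_with_org_profile() -> BernoulliNB:
    """Same corpus plus the organisation's own good-software profile."""
    return BernoulliNB().fit([(f, "malware") for f in MALWARE]
                             + [(f, "benign") for f in BENIGN_PUBLIC + ORG_BENIGN])


def false_positive_count(model: BernoulliNB, benign_samples: Iterable[Set[str]]) -> int:
    return sum(model.predict(f) == "malware" for f in benign_samples)


if __name__ == "__main__":
    for name, model in [("public", train_public()), ("with org profile", train_with_org_profile())]:
        print(f"{name}: internal tool -> {model.predict(ORG_INTERNAL_TOOL)}, "
              f"held-out malware -> {model.predict(HELD_OUT_MALWARE)}")
```

The point is not the classifier itself but the training data: the model only stops flagging the internal agent once the organization's own benign profile is part of what it has seen, and the held-out malware is still detected afterwards, which is the balance the paragraph asks for.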

Numerous false positives can overwork staff and cause real threats to be missed. The practices described above limit the incidence of false positives and thereby reduce the time spent attending to them. Automated incident response should give the organization's security team the ability to block malware while avoiding impact on the business applications in regular use. A good understanding of the organization's own software, together with identification of and training on malicious software, is essential to accomplishing these goals. The critical point is that the tasks an automated system takes on free the staff to focus on the real threats they face (Sol et al., 2016).

Effect of False Positives on an Organization

False positives have a significant impact on a business, primarily through the fatigue that comes from persistently tracking them. False positives also prevent workers from running the necessary processes or applications they need to accomplish their tasks. This fatigue reduces the productivity of the staff who put their energy into chasing false alerts, and numerous organizations have reported that their employees became less productive as a result. The investments made toward addressing false positives have been substantial, and those costs take up a significant portion of a company's revenue. In recent times the stakes in dealing with false positives have risen, and the main effect is observed in the organization's bottom line (Evans & Schmalensee, 2018). Much of that investment is effectively wasted.

False positives can reduce a business's sales and revenue, because they cause legitimate customer transactions to be declined. They affect online business transactions in particular. This damages the business's reputation, as clients expect a smooth experience and do not receive one, and the outcome shows in how consumers feel about the company. Some fraud detection solutions have been responsible for blocking consumers' legitimate orders (Evans & Schmalensee, 2018). The poor service that results from false positives discourages customers from dealing with the organization, which impairs customer relationships. The impact on client relations intensifies when customers share their experience with the company with others. In this way false positives negate the effects of initiatives established to attract and retain customers.

References

Murdoch, S. (2019). Transforming cyber incident response. ITNOW, 61(1).

Sol, A. A. S., Markey, B., Fish, R. D., Ankney, D. J., Boia, D. D., & Ramdatmisier, V. (2016). U.S. Patent No. 9,485,263. Washington, DC: U.S. Patent and Trademark Office.

Evans, D. S., & Schmalensee, R. (2018). Accounting for two-sided business reality reduces false negatives as well as false positives in antitrust decisions involving platform enterprises. CPI Antitrust Chronicle, April (forthcoming).

Lemay, A., & Leblanc, S. (2018, March). Cognitive biases in cyber decision-making. In Proceedings of the 13th International Conference on Cyber Warfare and Security (p. 395).