A false positive occurs when a system incorrectly identifies a legitimate item as a threat or an unwanted entity. In the case of a spam filter, a false positive happens when the filter mistakenly classifies a genuine email as spam, even though it is legitimate.
Option A: "The spam filter removed incoming communication that included certain keywords and domains."
This describes a general filtering mechanism but does not indicate a mistake. If the filter was correctly configured, it is not necessarily a false positive. (Incorrect)
Option B: "The spam filter deleted commercial ads automatically, as they were recognized as unwanted."
If the ads were indeed unwanted, this is a true positive, meaning the system worked correctly. (Incorrect)
Option C: "The spam filter routed to the 'junk' folder a newsletter that appeared to include links to fake websites."
If the newsletter contained suspicious links, the filter was functioning as designed. This is not necessarily an error. (Incorrect)
Option D: "The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday."
This is a clear example of a false positive because the email was not spam or malicious, yet the filter mistakenly blocked it. (Correct Answer)
IIA GTAG (Global Technology Audit Guide) on Cybersecurity and IT Risks: Discusses false positives and negatives in automated security controls.
IIA’s "Auditing IT Security Controls" Report: Emphasizes the need for tuning security filters to reduce false positives.
COBIT 2019 – DSS05.07 (Manage Security Services): Highlights the importance of minimizing false positives to ensure business communication is not disrupted.
Analysis of Each Option:IIA References:Thus, the correct answer is D. The spam filter blocked a fitness club gift card that coworkers sent to an employee for her birthday.
