Cyber Insurance & Security Glossary

Acceptable Use Policy is a policy that defines the level of access and degree of use of the organization’s network or internet by the members of an organization.

Access Control List or ACL filter network traffic by controlling whether it's allowed or blocked.

An Access Path is a logical order that directs to the location on the computer where an object such as webpage, file etc., is stored.

An access point is a computer networking device which allows a Wi-Fi compliant device to connect to a wired network and usually connects via a router

An access profile is information about a user that is stored on a computer, including their password and name as well as what they are allowed access to.

Access rights are the privileges or permissions awarded to a user or a program to access or alter, edit, delete the files stored on a network. 

Access type is applied to an entity class, mapped superclass or embeddable class and is used to specify attributes

Accountability is the ability to trace an action performed on the system to a user, a process or an application. 

Accounting legend code is numeric code used to indicate the minimum accounting controls required for items accountable communications security (COMSEC) material within the control systems

period of time insured must incur eligible medical expenses at least equal to the deductible amount in order to establish a benefit period under a major medical expense or comprehensive medical expense policy.

Access Control List or ACL filter network traffic by controlling whether it's allowed or blocked.

Active security testing is security testing which involves directly interacting with a target, such as sending packets

repayment value for indemnification due to loss or damage of property; in most cases it is replacement cost minus depreciation

(PC Insurance)a document or other presentation, prepared as a formal means of conveying to the state regulatory authority and the Board of Directors, or its equivalent, the actuary's professional conclusions and recommendations, of recording and communicating the methods and procedures, of assuring that the parties addressed are aware of the significance of the actuary's opinion or findings and that documents the analysis underlying the opinion. (In Life and Health) this document would be called an "Actuarial Memorandum."

business professional who analyzes probabilities of risk and risk management including calculation of premiums, dividends and other applicable insurance industry standards.

An ad hoc network is a local area network (LAN) that spontaneously builds as devices connect. An ad hoc network does not rely on a base station to coordinate different points, rather the individual base nodes forward packets to and from each other.

Address Resolution Protocol (ARP) is used for discovering a physical machine (MAC) address and associating it to the Internet Protocol (IP) address.

a person who investigates claims and recommends settlement options based on estimates of damage and insurance policies held.

Administrative safeguards are a special set of the HIPPA security rules. Administrative safeguards focus on internal organization, policies and procedures and the maintenance of security managers which are in place to protect sensitive patient information.

insurer assets which can be valued and included on the balance sheet to determine financial viability of the company

An insurance company licensed to do business in a state(s), domiciled in an alternative state or country.

The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.

Advanced penetration testing is the process of testing a network to discover vulnerabilities which make it open to harmful intruders; then addressing and remedying the issues.

An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.

occur when a policy has been processed, and the premium has been paid prior to the effective date. These are a liability to the company and not included in written premium or the unearned premium reserve.

An Adversary is a process, user or device that possesses a threat to the network. 

the social phenomenon whereby persons with a higher than average probability of loss seek greater insurance coverage than those with less risk

a group supported by member companies whose function is to gather loss statistics and publish trended loss costs.

Adware is type software that automatically displays or downloads unwanted advertising material.

The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.

a person or entity that directly, or indirectly, through one or more other persons or entities, controls, is controlled by or is under common control with the insurer.

an individual who sells, services, or negotiates insurance policies either on behalf of a company or independently

the maximum dollar amount or total amount of coverage payable for a single loss, or multiple losses, during a policy period, or on a single project.

method of reimbursement of a health plan with a corporate entity that directly provides care, where (1) the health plan is contractually required to pay the total operating costs of the corporate entity, less any income to the entity from other users of services, and (2) there are mutual unlimited guarantees of solvency between the entity and the health plan that put their respective capital and surplus at risk in guaranteeing each other.

Air Gap is a network security measure to ensure that a secure computer network is physically isolated from unsecured networks.

an estimate of the claims settlement associated with a particular claim or claims.

An alert situation is when the interruption in an enterprise is not resolved even after the competition of the threshold stage, an alert situation requires the enterprise to start escalation procedure.

an insurance company formed according to the laws of a foreign country. The company must conform to state regulatory standards to legally sell insurance products in that state.

also known as open peril, this type of policy covers a broad range of losses. The policy covers risks not explicitly excluded in the policy contract.

coverages which are generally written with property insurance, e.g., glass, tornado, windstorm and hail; sprinkler and water damage; explosion, riot, and civil commotion; growing crops; flood; rain; and damage from aircraft and vehicle, etc.

Alternate facilities are secondary facilities includes Offices, data processing centers etc., from where high- priority emergency tasks can be performed, delivered when primary facilities are interrupted, unavailable

An alternate process is a back-up process devised to help continue business critical process without any interruption, from the time the primary enterprise system breaks down to the time of its restoration

also known as open peril, this type of policy covers a broad range of losses. The policy covers risks not explicitly excluded in the policy contract.

health services provided to members who are not confined to a health care institution. Ambulatory services are often referred to as "outpatient" services.

Analog is a transmission signal denoted by ‘Sine Way,’ that varies in signal strength (Amplitude) or Frequency (time). While the higher and lower points of the wave denotes the value of signal strength, on the other hand the physical length of the wave indicates the value of time.

an annual report required to be filed with each state in which an insurer does business. This report provides a snapshot of the financial condition of a company and significant events which occurred throughout the reporting year.

the beneficiary of an annuity payment, or person during whose life and annuity is payable

an annuity contract that provides for the fixed payment of the annuity at the end of the first interval of payment after purchase. The interval may vary, however the annuity payouts must begin within 13 months.

a contract providing income for a specified period of time, or duration of life for a person or persons.

Anonymizing proxies allow the user to hide their web browsing activity. They are often used to bypass web security filters—e.g., to access blocked sites from a work computer.

Anti-spam programs can detect unwanted email and prevent it from reaching user inboxes.

Antivirus software is a program or a set of programs that help prevent any malicious object, code, program from entering your computer or network. If any such malicious programs enters your computer, Antivirus software helps detect, quarantine, or remove such programs from the computer or networks

An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time.

Address Resolution Protocol (ARP) is used for discovering a physical machine (MAC) address and associating it to the Internet Protocol (IP) address.