Cyber Insurance & Security Glossary

A complete glossary of essential Cyber Security & Insurance terms.

  • PERL
    Perl is a family of high-level, general-purpose, dynamic programming languages. These languages include Perl 5 and Perl 6. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language.
  • PFS
    Public-Key Forward Secrecy (PFS) is a key agreement protocol based on asymmetric cryptography. It ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
  • PGP
    Pretty Good Privacy (PGP)™ is a trademarked data encryption and decryption program. This program provides cryptographic privacy and authentication for data communication. It was created by Phil Zimmermann in 1991. PGP is generally used for encrypting and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
  • PKI
    A Public Key Infrastructure (PKI) is a framework which supports the identification and distribution of public encryption keys.
  • Polyinstantiation
    Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks. It may also indicate, such as in the case of database polyinstantiation, that two different instances have the same name (identifier, primary key).
  • Polymorphism
    Polymorphism is the process where malicious software changes its underlying code to avoid detection. A polymorphic type is one whose operations can also be applied to values of some other type, or types.
  • POP3
    Post Office Protocol, Version 3 (POP3) is an Internet Standard protocol through which a client workstation can access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
  • Port
    A port is an end point of communication in an operating system. It is identified for each address and protocol by a 16-bit number, commonly known as the port number.
  • Port Scan
    A port scan is a sequence of messages sent by an attacker attempting to break into a computer. Port scanning provides the attacker an idea where to probe for weaknesses. A port scan consists of sending a message to each port, one at a time.
  • Possession
    Possession is the holding, control, and ability to use information.
  • Post Office Protocol Version 3
    Post Office Protocol, Version 3 (POP3) is an Internet Standard protocol through which a client workstation can access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
  • Potentially Unwanted Application
    Potentially unwanted applications are programs that are not malicious but may be unsuitable for use in a business environment, and may create security concerns.
  • Practical Extraction and Reporting Language
    Perl is a family of high-level, general-purpose, dynamic programming languages. These languages include Perl 5 and Perl 6. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language.
  • Preamble Pretty Good Privacy
    Pretty Good Privacy (PGP)™ is a trademarked data encryption and decryption program. This program provides cryptographic privacy and authentication for data communication. It was created by Phil Zimmermann in 1991. PGP is generally used for encrypting and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
  • Preferred Provider Organization (PPO)
    Arrangement, insured or uninsured, where contracts are established by Health Plan Companies (typically, commercial insurers, and, in some circumstances, by self-insured employers) with health care providers. The Health Plans involved will often designate these contracted providers as "preferred" and will provide an incentive, usually in the form of lower deductibles or co-payments, to encourage covered individuals to use these providers. Members are allowed benefits for non-participating provider services on an indemnity basis with significant copayments and providers are often, but not always, paid on a discounted fee for service basis.
  • Preferred Risk
    Insured, or applicant for insurance, who presents likelihood of risk lower than that of the standard applicant.
  • Premium
    Money charged for the insurance coverage reflecting expectation of loss.
  • Premiums Earned
    The portion of premium for which the policy protection or coverage has already been given during the now-expired portion of the policy term.
  • Premiums Net
    The amount calculated on the basis of the interest and mortality table used to calculate the reporting entity's statutory policy reserves.
  • Premiums Written
    Total premiums generated from all policies (contracts) written by an insurer within a given period of time.
  • Primary Insurance
    Coverage that takes precedence when more than one policy covers the same loss.
  • Prior Approval Law
    A state regulatory requirement for pre-approval of all insurance rates and forms.
  • Private Addressing
    IANA has set aside three address ranges for use by private or non-Internet connected networks. This is referred to as Private Address Space and is defined in RFC 1918. The reserved address blocks are: 10.0.0.0 to 10.255.255.255 (10/8 prefix); 172.16.0.0 to 172.31.255.255 (172.16/12 prefix); and 192.168.0.0 to 192.168.255.255 (192.168/16 prefix).
  • Producer
    An individual who sells, services, or negotiates insurance policies either on behalf of a company or independently.
  • Product Liability
    Insurance coverage protecting the manufacturer, distributor, seller, or lessor of a product against legal liability resulting from a defective condition causing personal injury, or damage, to any individual or entity, associated with the use of the product.
  • Professional Errors and Omissions Liability
    Coverage available to pay for liability arising out of the performance of professional or business related duties, with coverage being tailored to the needs of the specific profession. Examples include abstracters, accountants, insurance adjusters, architects, engineers, insurance agents and brokers, lawyers, real estate agents, stockbrokers.
  • Program Infector
    A program infector is a piece of malware (or virus) that attaches itself to existing program files. Once the original infected program is run the virus transfers to the computer memory and may replicate itself further, spreading the infection. This type of virus can be spread beyond one’s system as soon as the infected file or program is passed to another computer.
  • Program Policy
    A program policy is a high-level policy that sets the overall tone of an organization’s security approach.
  • Promiscuous Mode
    Promiscuous mode allows a network device to intercept and read each network packet that reaches it in its entirety. This is used by network administrators to diagnose network problems, but also by unsavoury characters who are trying to eavesdrop on network traffic (which might contain passwords or other information).
  • Property
    Coverage protecting the insured against loss or damage to real or personal property from a variety of perils, including but not limited to fire, lightning, business interruption, loss of rents, glass breakage, tornado, windstorm, hail, water damage, explosion, riot, civil commotion, rain, or damage from aircraft or vehicles.
  • Proprietary Information
    Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.
  • Protected Cell
    An insurance-linked security that is retained within the insurance or reinsurance company and is used to insulate the proceeds of the securities offering from the general business risks of the insurer, granting an additional comfort level for investors of the securitized instrument.
  • Protocol
    A protocol is a special set of rules that end points in a telecommunication connection use when they communicate. Protocols specify interactions between the communicating entities. Protocols exist at several levels in a telecommunication connection.
  • Protocol Stacks
    Protocol Stacks are a set of network protocol layers that work together.
  • Provisions
    Contingencies outlined in an insurance policy.
  • Proximate Cause
    Event covered under insured's policy agreement.
  • Proxy Server
    A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.
  • PUA
    Potentially unwanted applications are programs that are not malicious but may be unsuitable for use in a business environment, and may create security concerns.
  • Public Adjuster
    Independent claims adjuster representing policyholders instead of insurance companies.
  • Public Key
    A Public Key is the publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.
  • Public Key Encryption
    Public Key Encryption is also known as asymmetric cryptography. Public key encryption is a cryptographic system that uses two keys, a public key known to everyone and a private or secret key known only to the recipient of the message.
  • Public-Key Forward Secrecy
    Public-Key Forward Secrecy (PFS) is a key agreement protocol based on asymmetric cryptography. It ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
  • Public Key Infrastructure
    A Public Key Infrastructure (PKI) is a framework which supports the identification and distribution of public encryption keys.
  • Pure Premium
    That portion of the premium equal to expected losses void of insurance company expenses, premium taxes, contingencies, or profit margin.
  • Pure Risk
    Circumstance including possibility of loss or no loss but no possibility of gain.
  • QAZ
    A QAZ is a network worm.
  • Qualified Actuary
    A person who meets the basic education, experience and continuing education requirements (these differ by line of business) of the Specific Qualification Standard for Statements of Actuarial Opinion, NAIC Property and Casualty Annual Statement, as set forth in the Qualification Standards for Actuaries Issuing Statements of Actuarial Opinion in the United States, promulgated by the American Academy of Actuaries, and is in good standing of the American Academy of Actuaries who has been approved as qualified for signing casualty loss reserve opinions by the Casualty Practice Council of the American Academy of Actuaries.
  • Race Condition
    Race Condition is also known as race hazard. Race Condition is the behavior of an electronic, software, or other system where the output is dependent on the sequence or timing of other uncontrollable events. This becomes a bug when events don’t happen in the order the programmer planned. Race conditions can occur in electronics systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.
  • Radiation Monitoring
    Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by snooping on radiation signals.
  • Ransomware
    Type of malicious software that blocks access to your files or computer until a ransom is paid. However, there's no guarantee that paying a ransom will allow you to unlock your files or computer.
  • Rate
    Value of insured losses expressed as a cost per unit of insurance.
  • Rebate
    A refund of part or all of a premium payment.
  • Reconnaissance
    Reconnaissance is the phase of an attack where an attacker locates new systems, maps out several networks, and probes for specific vulnerabilities in the system or network. It is used to obtain information, by either visual observation or other detection methods, about the activities and resources of an attacker.
  • Red Team
    A group authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's cybersecurity posture.
  • Redundancy
    An additional system that maintains a degree of overall functionality in case of loss or failure of another system.
  • Reflexive ACLs (Cisco)
    Reflexive access lists are an important part of securing the network against network hackers and are generally included in a firewall defence. Reflexive access lists provide a level of security against spoofing and denial-of-service attacks. Reflexive ACLs for Cisco routers are a step towards making the router act like a stateful firewall. The router makes filtering decisions based on whether connections are a part of established traffic or not.