Cyber Insurance & Security Glossary
A complete glossary of essential Cyber Security & Insurance terms.
- RARP: Reverse Address Resolution Protocol (RARP) is a protocol where a physical machine in a local area network (LAN) can request to learn its IP address from a gateway server’s Address Resolution Protocol (ARP) table or cache. When a new machine is set up, its RARP client program requests its IP address from the RARP server on the router.
- RBC Ratio: Ratio used to identify insurance companies that are poorly capitalized. Calculated by dividing the company's capital by the minimum amount of capital regulatory authorities have deemed necessary to support the insurance operations.
- Registry: Registry is a system-defined database where applications and system components store and retrieve configuration data. Applications use the registry API to retrieve, modify, or delete registry data.
- Regression Analysis: The use of scripted tests to test software for all possible input it should expect. Typically, developers will create a set of regression tests that are executed before a new version of the software is released.
- Reinsurance: A transaction between a primary insurer and another licensed (re)insurer where the reinsurer agrees to cover all or part of the losses and/or loss adjustment expenses of the primary insurer. The assumption is in exchange for a premium. Indemnification is on a proportional or non-proportional basis.
- Reinsurer: Company assuming reinsurance risk.
- Remote Access: The ability to access a computer from a remote location.
- Renewable Term Insurance: Insurance that is renewable for a limited number of successive terms by the policyholder and is not contingent upon medical examination.
- Reported Losses: Includes both expected payments for losses relating to insured events that have occurred and have been reported to the insurance company, but not yet paid.
- Request for Comment: A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society. An RFC is authored by engineers and computer scientists in the form of a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. RFC started in 1969, when the Internet was the ARPANET.
- Reserve: A portion of the premium retained to pay future claims.
- Reserve Credit: Reduction of reserve amounts for reinsurance ceded. Reductions may include the claim reserve and/or the unearned premium reserve.
- Residual Market Plan: Method devised for coverage of greater than average risk individuals who cannot obtain insurance through normal market channels.
- Resource Exhaustion: Resource exhaustion is a kind of attack where the attacker or hacker ties up finite resources on a system, making them unavailable to others.
- Response: A response is information that is sent in response to some stimulus.
- Retention: A mechanism of internal fund allocation for loss exposure used in place of or as a supplement to risk transfer to an insurance company.
- Retrocession: The portion of risk that a reinsurance company cedes or amount of insurance the company chooses not to retain.
- Retrospective Rating: The process of determining the cost of an insurance policy based on the actual loss experience determined as an adjustment to the initial premium payment.
- Reverse Address Resolution Protocol: Reverse Address Resolution Protocol (RARP) is a protocol where a physical machine in a local area network (LAN) can request to learn its IP address from a gateway server’s Address Resolution Protocol (ARP) table or cache. When a new machine is set up, its RARP client program requests its IP address from the RARP server on the router.
- Reverse Engineering: Reverse engineering, also known as “back engineering”, is the process of extracting design information or any kind of sensitive information by disassembling and analyzing the design of a system component.
- Reverse Lookup: Reverse lookup is used to locate the hostname that corresponds to a particular IP address. It uses an IP (Internet Protocol) address to find a domain name.
- Reverse Proxy: A reverse proxy is a device or service that is placed between a client and a server in a network. All incoming HTTP requests are handled by the proxy on behalf of the back-end web servers, so the proxy can then send the content to the end user.
- RFC: A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society. An RFC is authored by engineers and computer scientists in the form of a memorandum describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems. RFC started in 1969, when the Internet was the ARPANET.
- Rider: An amendment to a policy agreement.
- RIP: The Routing Information Protocol (RIP) defines a way for routers to share information on how to route traffic among various networks. RIP is classified by the Internet Engineering Task Force (IETF) as an Interior Gateway Protocol (IGP), one of several protocols for routers moving traffic around within a larger autonomous system network.
- Risk: Uncertainty concerning the possibility of loss by a peril for which insurance is pursued.
- Risk Assessment: Risk assessment is a systematic process to analyze and identify any possible threats or risks that may leave sensitive information vulnerable to attacks. It also employs methods to calculate the risk impact and eliminate such threats.
- Risk Averse: Risk averse means avoiding risks even if this leads to the loss of opportunity. For example, using a (more expensive) phone call instead of sending an e-mail, in order to avoid the risks associated with e-mail, may be considered “risk averse”.
- Risk Based Capital Ratio: Ratio used to identify insurance companies that are poorly capitalized. Calculated by dividing the company's capital by the minimum amount of capital regulatory authorities have deemed necessary to support the insurance operations.
- Risk Retention Act: A 1986 federal statute amending portions of the Product Liability Risk Retention Act of 1981 and enacted to make organization of Risk Retention Groups and Purchasing Groups more efficient.
- Risk Retention Group: Group-owned insurer organized for the purpose of assuming and spreading the liability risks to its members.
- Rivest-Shamir-Adleman: Rivest-Shamir-Adleman (RSA) is one of the first practical public-key cryptosystems and is widely used for secure data transmission. RSA is an algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. Its security is based on the practical difficulty of factoring the product of two large prime numbers, known as the factoring problem.
- Role Based Access Control: Role-based access control (RBAC) assigns users to roles based on their organizational functions and determines authorization based on those roles. It is used by enterprises with more than 500 employees, and can implement mandatory access control (MAC) or discretionary access control (DAC).
- Root: Root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the super user.
- Rootkit: A rootkit is a type of malware that gives a threat actor remote access to and control over a computer or other system.
- Router: A router is a device that forwards or transfers data packets across networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP’s network. Routers are located at gateways, the places where two or more networks connect.
- Routing Information Protocol: The Routing Information Protocol (RIP) defines a way for routers to share information on how to route traffic among various networks. RIP is classified by the Internet Engineering Task Force (IETF) as an Interior Gateway Protocol (IGP), one of several protocols for routers moving traffic around within a larger autonomous system network.
- Routing Loop: A routing loop is where two or more poorly configured routers repeatedly exchange the same data packet. In the case of distance vector protocols, the fact that these protocols route by rumor and have a slow convergence time can cause routing loops.
- RPC Scans: RPC scans determine which RPC services are running on a machine.
- RSA: Rivest-Shamir-Adleman (RSA) is one of the first practical public-key cryptosystems and is widely used for secure data transmission. RSA is an algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. Its security is based on the practical difficulty of factoring the product of two large prime numbers, known as the factoring problem.
- RSBAC: Rule Set Based Access Control (RSBAC) targets actions based on rules for entities operating on objects. RSBAC is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000.
- Rule Set Based Access Control: Rule Set Based Access Control (RSBAC) targets actions based on rules for entities operating on objects. RSBAC is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000.
- Runtime Protection: Runtime protection blocks attempts to access vulnerable parts of your computer.
- S/Key: S/KEY is a one-time password mechanism developed for authentication to Unix-like operating systems, particularly from dumb terminals or untrusted public computers. This mechanism uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. Since each password is only used once, the user is protected from password sniffers.
- S/MIME: S/MIME is a set of specifications for securing electronic mail. Secure/Multipurpose Internet Mail Extensions (S/MIME) is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s).
- Safeguarding Statement: A safeguarding statement is a statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized individual. Synonymous with banner.
- Safeguards: Safeguards are protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.
- Safety: Safety is defined as the requirement to ensure that the individuals involved with an organization, including employees, customers, and visitors, are safeguarded from any kind of malicious act or attack.
- Salt: Salt is a non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker.
- Salvage: Value recoverable after a loss.
- Sandboxing: Sandboxing is a method of isolating application modules into distinct fault domains enforced by software.
- Sanitization: Sanitization is the process of removing information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs. It is a general term referring to the actions taken to render data written on media unrecoverable by both ordinary and, for some forms of sanitization, extraordinary means.
- Scanning: Scanning is sending packets or requests to another system to gain information to be used in a subsequent attack.
- Scatternet: Scatternet is a chain of piconets created by allowing one or more Bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance.
- Scavenging: Scavenging is the process of searching through data residue in a system or a network to gain unauthorised knowledge of sensitive information.
- Scoping Guidance: Scoping guidance is a part of tailoring guidance providing organizations with specific policy/regulatory-related, technology-related, system component allocation-related, operational/environmental-related, physical infrastructure-related, public access-related, scalability-related, common control-related, and security objective-related considerations on the applicability and implementation of individual security controls in the security control baseline. Scoping guidance also refers to specific factors related to technology, infrastructure, public access, scalability, common security controls, and risk that can be considered by organizations in the applicability and implementation of individual security controls in the security control baseline.