Cyber Insurance & Security Glossary

A set of accounting principles set forth by the National Association of Insurance Commissioners used to prepare statutory financial statements for insurance companies.

Unsolicited messages sent to a large number of recipients usually through commercial messages such as emails, text messages, or Internet postings.

A program for detecting and blocking unsolicited email on a network.

A Spanning port is used to configure the switch to behave like a hub for a specific port.

A phishing attack that targets specific users to persuade people in an organization to reveal critical data or credentials.

A Split Horizon is an algorithm used to prevent routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned.

A Split key is a cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key or information that results from combining the items.

A Spoof is an attack attempt by an unauthorized entity or attacker to gain illegitimate access to a system by posing as an authorized user

Email spoofing is when the sender address of an email is forged for the purposes of social engineering.

Spyware is a type of malware that’s secretly installed on a device. In most cases, spyware tracks and relays user activities such as keystrokes and browsing behavior.

SQL Injection or SQLi refers to an injection attack wherein an attacker executes malicious Structured Query Language (SQL) statements on a web application’s database server to gains access or make changes to the data.

Stack smashing is used to cause a stack in a computer application or operating system to overflow. This makes it possible to weaken the program or system or cause it to crash. The stack is also called a pushdown stack or first-in last-out circuit. It is a form of buffer that holds the intermediate results of an operation or data that is awaiting processing.

Standard Access Control Lists (ACLs) are essentially a set of commands, grouped together by a number or name that is used to filter traffic entering or leaving an interface. ACLs make packet filtering decisions based on Source IP address only

A person who, according to a company's underwriting standards, is considered a normal risk and insurable at standard rates. High or low risk candidates may qualify for extra or discounted rates based on their deviation from the standard.

Star networks are one of the most common computer network topologies. A star network consists of one central switch, hub or computer, which acts as a conduit to transmit messages. This consists of a central node, to which all other nodes are connected. The central node provides a common connection point for all nodes through a hub.

A Star Property is a who user is unable to write data to a lower classification level without logging in at that lower classification level when using star property.

A state machine is any device that stores the status of something at a given time and can operate on input to change the status and cause an action to take place for any given change. A computer is basically a state machine and each machine instruction is input that changes one or more states and may cause other actions to take place. Each computer’s data register stores a state. The read-only memory from which a boot program is loaded stores a state

The state where a company's home office is located.

Exhibit of Premiums and Losses for each state a company is licensed. The state of domicile receives a schedule for each jurisdiction the company wrote direct business, or has amounts paid, incurred or unpaid.

The stateful inspection also referred to as dynamic packet filtering is a type of packet filtering that helps to control how data packets move through a firewall.

Refers to the primary business type under which the company files its annual and quarterly statement, such as Life, Property, Health, Fraternal, Title.

The Statutory Accounting Principle book value reduced by any valuation allowance and non-admitted adjustment applied to an individual investment or a similar group of investments, e.g., bonds, mortgage loans, common stock.

Static host tables are text files that contain hostname and address mapping.

Static routing is a form of routing that occurs when a router uses a manually-configured routing entry, rather than information from a dynamic routing traffic. Static routing can also be used in stub networks, or to provide a gateway of last resort.

Method of accounting standards and principles used by state regulatory authorities to measure the financial condition of regulated companies and other insurance enterprises. This method tends to be more conservative than the Generally Accepted Accounting Principles used by most businesses. Compliance with solvency and other standards is determined using financial documents prepared in accordance with Statutory Accounting Principles.

A set of accounting principles set forth by the National Association of Insurance Commissioners used to prepare statutory financial statements for insurance companies.

Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system

Steganalysis is the study of detecting and defeating the use of steganography. This is analogous to cryptanalysis applied to cryptography

Steganography is a technique used to hide the existence of a message, files, or any other information. The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is the invisible ink.

Stimulus is network traffic that initiates a connection or solicits a response

Store-and-Forward is a telecommunications technique in which information is sent to an intermediate station where it is kept and sent at a later time to the final destination or to another intermediate station.

A straight-through cable is a type of twisted pair cable that is used in local area networks to connect a computer to a network hub such as a router. This type of cable is also sometimes called a patch cable and is an alternative to wireless connections where one or more computers access a router through a wireless signal.

A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream. In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of ciphertext stream.

In Strong Star Property, a user cannot write data to higher or lower classifications levels than their own

Loan-backed securities that have been divided into two or more classes of investors where the payment of interest and/or principal of any class of securities has been allocated in a manner that is not proportional to interest and/or principal received by the issuer from the mortgage pool or other underlying securities.

Periodic fixed payments to a claimant for a determinable period, or for life, for the settlement of a claim.

A sub network is a separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.

A subnet mask is used to determine the number of bits that are used for the subnet and host portions of the address. It is used as a screen of numbers used for routing traffic within a subnet. Once a packet has arrived at a gateway or connection point with its unique network number, it can be routed to its destination within the internal gateways using the subnet number.

Situation where an insurer, on behalf of the insured, has a legal right to bring a liability suit against a third party who caused losses to the insured. Insurer maintains the right to seek reimbursement for losses incurred by insurer at the fault of a third party.

Section of insurance policies giving an insurer the right to take legal action against a third party responsible for a loss to an insured for which a claim has been paid.

Events or transactions that occur subsequent to the balance sheet date, but before the issuance of the statutory financial statements and before the date the audited financial statements are issued, or available to be issued.

Impaired risk) risks deemed undesirable due to medical condition or hazardous occupation requiring the use of a waiver, a special policy form, or a higher premium charge.

A three-party agreement whereby a guarantor (insurer) assumes an obligation or responsibility to pay a second party (obligee) should the principal debtor (obligor) become in default.

Insurance term referring to retained earnings.

Specialized property or liability coverage available via non-admitted insurers where coverage is not available through an admitted insurer, licensed to sell that particular coverage in the state.

When an endpoint security solution scans files, it labels them as clean or malicious. If a file has a number of questionable characteristics or behavior, it is labeled as suspicious.

An agreement to exchange or net payments as the buyer of an Option, Cap or Floor and to make payments as the seller of a different Option, Cap or Floor.

Is a device that connects multiple devices together on a network by using packet switching to receive, process, and forward data to the destination devices.

A Stitched Network is a fully switched network is a computer network that uses only network switches rather than network hubs on Ethernet local area networks. The switches allow for a dedicated connection to each workstation. A switch allows for many conversations to occur simultaneously

Symbolic links are sometimes also known as symlinks. Symbolic links are essentially advanced shortcuts that point to another file.

Symmetric Cryptography is a branch of cryptography involving algorithms that use symmetrical keys for two different steps of the algorithm. Symmetric cryptography is called secret-key cryptography because the entities that share the key.