Cyber Insurance & Security Glossary

A complete glossary of essential Cyber Security & Insurance terms.

  • C&C
    A command and control center (C&C) is a computer that controls a network of compromised computers.
  • CAPEC
    A Common Attack Pattern Enumeration and Classification is a document published by MITRE Corporation that details how vulnerable systems are attacked. The community-developed document describes common attack patterns and how such attacks are executed.
  • CERT
    A Computer Emergency Response Team (CERT) is a team formed to study the vulnerabilities of information systems of an organization and offer solutions and strategies to face such vulnerabilities. Such teams are highly organized with clearly defined roles and responsibilities.
  • Claim
    a request made by the insured for insurer remittance of payment due to loss incurred and covered under the policy agreement.
  • Claimant
    A claimant is the party who needs to be identified via an authentication protocol.
  • Claims Adjustment Expenses
    costs expected to be incurred in connection with the adjustment and recording of accident and health, auto medical and workers' compensation claims.
  • Claims-Made Form
    A type of liability insurance form that only pays if both the event that causes (triggers) the claim and the actual claim are submitted to the insurance company during the policy term.
  • Class Rating
    a method of determining rates for all applicants within a given set of characteristics such as personal demographic and geographic location.
  • Cleartext
    Cleartext is data in ASCII format or data that is not coded or encrypted. All applications and machines support plain text.
  • Clinger-Cohen Act of 1996
    The Clinger-Cohen Act is also known as the Information Technology Management Reform Act. This statute made significant changes in the way that IT resources are managed and procured. The most significant aspect of this act is the requirement that each agency design and implement a process for maximizing the value and assessing and managing the risks of IT investments.
  • Cloud Computing
    Cloud computing is the on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the internet with pay-as-you-go pricing.
  • Cloud Security
    Cloud security refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.
  • Coinsurance
    A clause contained in most property insurance policies to encourage policy holders to carry a reasonable amount of insurance. If the insured fails to maintain the amount specified in the clause (usually at least 80%), the insured shares a higher proportion of the loss. In medical insurance, a percentage of each claim that the insured will bear.
  • Cold Site
    A cold site is a backup site that can become operational fairly quickly, usually in one or two days. A cold site might have all the standard office things such as furniture and telephones; however, there is unlikely to be any computer equipment in a cold site. Basically, a cold site is a backup facility ready to receive computer equipment should it need to move to an alternate location.
  • Collar
    an agreement to receive payments as the buyer of an Option, Cap or Floor and to make payments as the seller of a different Option, Cap or Floor.
  • Collateral Loans
    unconditional obligations for the payment of money secured by the pledge of an investment.
  • Collateralized Bond Obligations (CBOs)
    an investment-grade bond backed by a pool of low-grade debt securities, such as junk bonds, separated into tranches based on various levels of credit risk.
  • Collateralized Mortgage Obligations (CMOs)
    a type of mortgage-backed security (MBS) with separate pools of pass-through security mortgages that contain varying classes of holders and maturities (tranches) with the advantage of predictable cash flow patterns.
  • Collision
    A collision is a situation where two or more devices – networking devices or computers – try to send requests or transmit data to the same device at the same time.
  • Combinations
    a special form of package policy composed of personal automobile and homeowners insurance
  • Combined Ratio
    an indication of the profitability of an insurance company, calculated by adding the loss and expense ratios
  • Command and Control Center
    A command and control center (C&C) is a computer that controls a network of compromised computers.
  • Commencement Date
    date when the organization first became obligated for any insurance risk via the issuance of policies and/or entering into a reinsurance agreement. Same as "effective date" of coverage.
  • Commercial General Liability
    flexible & broad commercial liability coverage with two major sub-lines: premises/operations sub-line and products/completed operations sub-line.
  • Commercial Multiple Peril
    policy that packages two or more insurance coverages protecting an enterprise from various property and liability risk exposures. Frequently includes fire, allied lines, various other coverages (e.g., difference in conditions) and liability coverage. Such coverages would be included in other annual statement lines, if written individually. Include under this type of insurance multi-peril policies (other than farmowners, homeowners and automobile policies) that include coverage for liability other than auto.
  • Commercial Package Policy
    provides a broad package of property and liability coverages for commercial ventures other than those provided insurance through a business owners policy.
  • Commercial Property
    property insurance coverage sold to commercial ventures.
  • Commission
    a percentage of premium paid to agents by insurance companies for the sale of policies.
  • Common Access Card
    A Common Access Card is a standard identification/smart card issued by the Department of Defense. A Common Access Card has an embedded integrated chip storing public key infrastructure (PKI) certificates.
  • Common Attack Pattern Enumeration and Classification
    A Common Attack Pattern Enumeration and Classification is a document published by MITRE Corporation that details how vulnerable systems are attacked. The community-developed document describes common attack patterns and how such attacks are executed.
  • Community Rating
    a rating system where standard rating is established and usually adjusted within specific guidelines for each group on the basis of anticipated utilization by the group's employees.
  • Company Code
    a five-digit identifying number assigned by NAIC to all insurance companies filing financial data with NAIC.
  • Compartmentalization
    Compartmentalization is a technique of protecting confidential information by revealing it only to a few people, to those who actually need to know the details to perform their job. Thus, by restricting access to information and data, the risk to business objectives is limited.
  • Completed Operations Liability
    policies covering the liability of contractors, plumbers, electricians, repair shops, and similar firms to persons who have incurred bodily injury or property damage from defective work or operations completed or abandoned by or for the insured, away from the insured's premises.
  • Compliance Documents
    A Compliance Document is a document detailing the actions required to comply with or adhere to the standards set by regulatory bodies. Any violations of the said rules attract punitive actions from the regulatory bodies.
  • Comprehensive General Liability (CGL)
    coverage of all business liabilities unless specifically excluded in the policy contract.
  • Computer Emergency Response Team
    A Computer Emergency Response Team (CERT) is a team formed to study the vulnerabilities of information systems of an organization and offer solutions and strategies to face such vulnerabilities. Such teams are highly organized with clearly defined roles and responsibilities.
  • Computer Forensics
    Computer Forensics is the process of analyzing and investigating computer devices, on suspecting that such devices may have been used in a cybercrime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offers many tools for investigation and analysis to find such evidence.
  • Concurrent Causation
    property loss incurred from two or more perils in which only one loss is covered but both are paid by the insurer due to simultaneous incident.
  • Conditions
    requirements specified in the insurance contract that must be upheld by the insured to qualify for indemnification
  • Configuration Management
    Computer Forensics is the process of analyzing and investigating computer devices, on suspecting that such devices may have been used in a cybercrime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offers many tools for investigation and analysis to find such evidence.
  • Consumerization
    Consumerization refers to new trends or changes in enterprise technology as more and more consumers embrace such technology. Employees use devices for personal use and, as they gain wide acceptance, even organizations start using such technologies.
  • Containment
    Containment is the set of steps taken to control any further risks upon identifying a threat.
  • Content Filtering
    Content Filtering is a process by which access to certain content, information, or data is restricted, limited, or completely blocked based on the organization’s rules. Any objectionable email, website, etc., is blocked using either software- or hardware-based tools.
  • Contingency Reserves
    required by some jurisdictions as a hedge against adverse experience from operations, particularly adverse claim experience.
  • Contract Reserves
    reserves set up when, due to the gross premium structure, the future benefits exceed the future net premium. Contract reserves are in addition to claim and premium reserves
  • Contractual Liability
    liability coverage of an insured who has assumed the legal liability of another party by written or oral contract. Includes a contractual liability policy providing coverage for all obligations and liabilities incurred by a service contract provider under the terms of service contracts issued by the provider.
  • Control
    Control is the set of policies, strategies, guidelines, etc. established in collaboration with various departments of an organization, such as management, legal, and technical, to help mitigate risk.
  • Convertible Term Insurance Policy
    an insurance policy that can be converted into permanent insurance without a medical assessment. The insurer is required to renew the policy regardless of the health of the insured subject to policy conditions.
  • Cookie
    An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
  • Coordination of Benefits (COB)
    provision to eliminate over insurance and establish a prompt and orderly claims payment system when a person is covered by more than one group insurance and/or group service plan.
  • Copay
    a cost sharing mechanism in group insurance plans where the insured pays a specified dollar amount of incurred medical expenses and the insurer pays the remainder.
  • Corrective Order
    commissioner's directive of action to be completed by an insurer.