Cyber Insurance & Security Glossary

A Countermeasure is a defensive mechanism that helps mitigate risk, threat, to a network or computers, using a process, system or a device.

The total number of lives insured, including dependents, under individual policies and group certificates.

individual or group policies that provide benefits to a debtor for full or partial repayment of debt associated with a specific loan or other credit transaction upon disability or involuntary unemployment of debtor, except in connection with first mortgage loans

an insurance certificate issued on an existing insurance contract indicating that another insurer has assumed all of the risk under the contract from the ceding insurance company.

coverage purchased by manufacturers, merchants, educational institutions, or other providers of goods and services extending credit, for indemnification of losses or damages resulting from the nonpayment of debts owed to them for goods or services provided in the normal course of their business.

makes monthly loan/credit transaction payments to the creditor upon the disablement of an insured debtor.

policy assigning creditor as beneficiary for insurance on a debtor thereby remitting balance of payment to creditor should the debtor become disabled.

makes loan/credit transaction payments to the creditor when the debtor becomes involuntarily unemployed.

policy assigning creditor as beneficiary for insurance on a debtor thereby remitting balance of payment to creditor upon death of debtor.

insurance written in connection with a credit transaction where the collateral is not a motor vehicle, mobile home or real estate and that covers perils to the goods purchased through a credit transaction or used as collateral for a credit transaction and that concerns a creditor's interest in the purchased goods or pledged collateral, either in whole or in part; or covers perils to goods purchased in connection with an open-end transaction.

insurance that is purchased unilaterally by the creditor, who is the named insured, subsequent to the date of the credit transaction, providing coverage against loss, expense or damage to property as a result of fire, theft, collision or other risks of loss that would either impair a creditor's interest or adversely affect the value of collateral. "Creditor Placed Home" means "Creditor Placed Insurance" on homes, mobile homes and other real estate. "Creditor Placed Auto" means insurance on automobiles, boats or other vehicles

part of the risk-based capital formula that addresses the collectability of a company's receivables and the risk of losing a provider or intermediary that has received advance capitation payments.

Critical Infrastructure is the fundamental system of an organization that is important for its function.

Criticality is the level of importance assigned to an asset or information. The organization may not function effectively and efficiently in the absence of an asset or information that is highly critical.

A type of injection security attack where an attacker will inject a malicious script into the content of website.

The use of a mathematical technique of writing or solving codes.

A system or an algorithm to encrypt plain text to secret code or cipher text to protect the privacy of information stored. A key helps convert plain text to cipher text and vice-versa.

Cyber Security Architecture is the information security layout that describes the overall structure, including its various components, and their relationships in an organization. It displays how strong the data security, controls and preventive mechanisms implemented in the organization.

A Cybercop is a law enforcement officer entrusted with the responsibilities of monitoring online activities to control criminal activities online or cybercrimes.

Cyberespionage is spying on the computer systems of an organization with the help of a virus to steal or destroy data, information, etc. Such spying is unauthorized and happens in a clandestine matter.

Cyberwarefare is virtual warfare waged online over the internet to weaken or harm the financial systems of an organization by stealing private and personal information available online on websites, etc.

The encrypted part of the internet that is not indexed by search engines. It is a subset of the deep web (which can be accessed by anyone with the correct url). Dark web pages need special software (ex. Tor) with the correct decryption key and access rights and knowledge to find content. Users of the dark web remain almost completely anonymous due to its P2P network connections which makes network activity very difficult to trace.

Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis.

A data asset is any entity that is comprised of data; for example, a database is an example of a data asset. A system or application output file, database, document, or Web page are also considered data assets. Data assets can also be a service that may be provided to access data from an application.

A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual who is not unauthorized to do so.

Data Classification is a data management process that involves of categorizing and organizing data into different classes based on their forms, types, importance, sensitivity, and usage in an organization.

A Data Custodian is an executive of an organization entrusted with the responsibilities of data administration, as such protecting and safeguarding data is the primary responsibility of Data custodian.

A data element is a basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Gender, race, and geographic location are all examples of data elements.

A Data Encryption Standard is a form of algorithm to convert plain text to a cipher text. Data Encryption Standard uses the same key to encrypt and decrypt the data, and hence it is a symmetric key algorithm.

Data flow control is another term for information flow control.

Data integrity is the maintenance of, and the assurance of the accuracy and consistency of, the data.

Data leakage is the unauthorized exposure of information. It can result in data theft or data loss.

Data loss is the result of the accidental misplacement of data, rather than its deliberate theft.

A Data Owner is an executive of an organization entrusted with the administrative control of the data. Such individual or executive has complete control over data, and he can control or limit the access of such data to people, assign permissions, etc., also he is accountable for such data accuracy and integrity

Data Retention is the process of storing and protecting data for historical reasons and for data back up when needed. Every organization has its own rules governing data retention within the organization.

Data theft is the deliberate theft of information, rather than its accidental loss

A data transfer device is a fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key. A DTD is designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems.

A database is a systematic collection and organization of data by individual or organizations so that it can be easily stored, retrieved, and edited for future use.

date when an insurance company issues a policy

Decentralization is the process of distributing functions, authorities among different people or to different locations

policy statements regarding the applicant and property covered such as demographic and occupational information, property specifications and expected mileage per year

A process of transforming encrypted data into its original plaintext data.

A decryption key is a piece of code that is required to decipher or convert encrypted text or information into plain text or information.

Portion of the insured loss (in dollars) paid by the policy holder

annuity payment to be made as a single payment or a series of installments to begin at some future date, such as in a specified number of years or at a specified age

A demilitarized zone (DMZ) refers to a host or network that acts as a secure and intermediate network or path between an organization's internal network and the external.

conversion of a mutual insurance company to a capital stock company.

A denial-of-service (DoS) attack prevents users from accessing a computer or website.

securities priced according to the value of other financial instruments such as commodity prices, interest rates, stock market prices, foreign or exchange rates.

Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

A demilitarized zone (DMZ) refers to a host or network that acts as a secure and intermediate network or path between an organization's internal network and the external.

Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

A type of injection security attack where an attacker will inject a malicious script into the content of website.