Cyber Insurance & Security Glossary

A complete glossary of essential Cyber Security & Insurance terms.

  • DDoS
    Distributed Denial of Service (DDoS) is a type of denial of service (DoS) attack in which multiple compromised systems are used to attack a single system, causing an outage.
  • Device Control
    Device control helps you control the use of removable storage, optical media drives and wireless networking protocols
  • Digital Certificate
    A Digital Certificate is an electronic "password" that allows a person or organization to exchange data securely over the Internet using the public key infrastructure (PKI).
  • Digital Evidence
    Digital evidence is electronic information stored or transferred in digital form.
  • Digital Forensics
    Digital Forensics is the process of procuring, analyzing, and interpreting electronic data for the purpose of presenting it as acceptable evidence in legal proceedings in a court of law.
  • Direct Incurred Loss
    loss whereby the proximate cause is equivalent to the insured peril.
  • Direct Loss
    Damage to covered real or personal property caused by a covered peril.
  • Direct Writer
    an insurance company that sells policies to the insured through salaried representatives or exclusive agents only; reinsurance companies that deal directly with ceding companies instead of using brokers
  • Direct Written Premium
    total premiums received by an insurance company without any adjustments for the ceding of any portion of these premiums to the Reinsurer.
  • Directors and Officers Liability
    liability coverage protecting directors or officers of a corporation from liability arising out of the performance of their professional duties on behalf of the corporation.
  • Disaster
    A sudden event or catastrophe, caused by the forces of nature or by human error, that results in serious damage to nature, society, human life, and property. In a business or commercial sense, a disaster disables an enterprise from delivering its essential tasks for a specified period; for organizations, disasters may result in loss of resources and assets, including data.
  • Disaster Recovery Plan
    A Disaster Recovery Plan (DRP) or a Business Continuity Plan (BCP) prescribes the steps required to carry on business as usual in the event of a disaster. A disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time; such efforts require an in
  • Discretionary Access Control
    Discretionary Access Control is a security measure by which the owner can restrict access to resources such as files, devices, and directories to specific subjects, users, or user groups based on their identity. It is at the owner's discretion to permit or restrict users from accessing the resources completely or partially.
  • Disk Imaging
    Disk imaging is the process of generating a bit-for-bit copy of the original media, including free space and slack space.
  • Disruption
    A disruption is an unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).
  • Dividend
    a refund of a portion of the premium paid by the insured from insurer surplus.
  • DNS
    The Domain Name System (DNS) is the phone book of the Internet. It allows computers to translate website names into IP address numbers so that they can communicate with each other.
  • DNS Exfiltration
    Domain Name System (DNS) Exfiltration is a difficult-to-detect, lower-level attack on DNS servers to gain unauthorized access. Such attacks lead to loss of data that ranges from simple to complex in nature and importance.
  • DNS Hijacking
    DNS hijacking is a type of malicious attack in which an individual redirects queries to a domain name server (DNS).
  • Document Malware
    Document malware takes advantage of vulnerabilities in applications that let you read or edit documents.
  • Domain Name Service
    The Domain Name System (DNS) is the phone book of the Internet. It allows computers to translate website names into IP address numbers so that they can communicate with each other.
  • Domain Name System
    A domain name system is a distributed system that internet servers follow to convert alphabetical domain names into numerical IP addresses. Internet servers use numerical IP addresses, and because remembering the numerical values of many domains is difficult, domains use alphabetical addresses. Every time a user types in an alphabetical domain name, the DNS converts it into a numerical IP address.
  • Domain Name System Exfiltration
    Domain Name System (DNS) Exfiltration is a difficult-to-detect, lower-level attack on DNS servers to gain unauthorized access. Such attacks lead to loss of data that ranges from simple to complex in nature and importance.
  • Domestic Insurer
    an insurance company that is domiciled and licensed in the state in which it sells insurance.
  • DRP
    A Disaster Recovery Plan (DRP) or a Business Continuity Plan (BCP) prescribes the steps required to carry on business as usual in the event of a disaster. A disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time; such efforts require an in
  • Dual Interest
    Insurance that protects the creditor's and the debtor's interest in the collateral securing the debtor's credit transaction. "Dual Interest" includes insurance commonly referred to as "Limited Dual Interest."
  • Dual Use Certificate
    A dual-use certificate is a certificate that is intended for use with both digital signature and data encryption services
  • Due Care
    Due Care is the degree of care a rational person would exercise in situations similar to the one at hand. Also known as ordinary care or reasonable care, it is a test of a person's preparedness to act, be responsible or neglectful of responsibility.
  • Due Diligence
    Due Diligence is the process of conducting a thorough and detailed investigation to verify the truthfulness of the information provided in the statements for analysis and review before committing to a transaction. It is a measure of prudence that a rational person would undertake before taking a final decision.
  • Duplicate Digital Evidence
    Duplicate digital evidence is a duplicate that is an accurate digital reproduction of all data objects contained on the original physical item and associated media.
  • Dwelling Property/Personal Liability
    a special form of package policy composed of dwelling fire and/or allied lines, and personal liability insurance.
  • Dynamic Ports
    Dynamic Ports, otherwise known as private ports, range from port number 49,152 to 65,535 and do not need any registration. These ports help any computer application communicate with any other application or program that uses the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).
  • E-Commerce
    E-commerce is the process of conducting any kind of business or commercial transaction electronically with the help of the internet. The internet enables sellers to accept orders and payments online.
  • E-Government
    E-Government is the U.S. government's use of Web-based Internet applications and other information technology.
  • e-signature
    An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign.
  • Early Warning System
    a system designed by insurance industry regulators for identifying practices and risk-related trends that contribute to systemic risk by measuring insurers' financial stability.
  • Earned but Not Reported (EBNR)
    premium amount insurer reasonably expects to receive for which contracts are not yet final and exact amounts are not definite.
  • Earned Premium
    portion of insured's prepaid premium allocated to the insurance company's loss experience, expenses, and profit year-to-date.
  • Easter Egg
    An Easter Egg is the hidden functionality within an application program, which becomes activated when an undocumented set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening.
  • Eavesdropping
    Eavesdropping is the practice of listening, intercepting, or monitoring private communication between users or user groups without their knowledge or permission.
  • EDP Policies
    coverage to protect against losses arising out of damage to or destruction of electronic data processing equipment and its software
  • Effective Date
    date at which an insurance policy goes into force.
  • Egress
    Egress in general means to go out; in information technology, it is defined as the network traffic moving out of the network to the final destination with the help of devices such as routers, etc.
  • Egress Filtering
    Egress filtering is the filtering of outgoing network traffic.
  • Electronic Key Entry
    Electronic Key Entry is the entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device.
  • Electronic Key Management System
    An electronic key management system is an interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic keys and the management of other types of COMSEC material.
  • Electronic Signature
    An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign.
  • Electronically Generated Key
    An electronically generated key is a key generated in a COMSEC device by mechanically or electronically introducing a seed key into the device and then using the seed in conjunction with a software algorithm stored in the device to produce the desired key.
  • Elliptical Curve Cryptography
    Elliptical Curve Cryptography is a technique that uses an elliptical curve equation to create cryptographic keys; keys generated this way are much smaller, faster, and more efficient. This modern technique keeps the decryption key private, while the encryption key is public. Unlike traditional methods of generating cryptographic keys such as RSA, the elliptical curve technique uses discrete logarithms, making it difficult to decipher or challenge the keys.
  • Email Malware Distribution
    Email malware refers to malware that is distributed via email.
  • Embedded Cryptography
    Embedded cryptography is cryptography engineered into an equipment or system whose basic function is not cryptographic.
  • Employee Benefit Liability
    liability protection for an employer for claims arising from provisions in an employee benefit insurance plan provided for the economic and social welfare of employees. Examples of items covered are pension plans, group life insurance, group health insurance, group disability income insurance, and accidental death and dismemberment
  • Employers Liability
    employers' liability coverage for the legal liability of employers arising out of injuries to employees. This code should be used when coverage is issued as an endorsement, or as part of a statutory workers' compensation policy.
  • Employment Practices Liability Coverage
    liability insurance for employers providing coverage for wrongful termination, discrimination, or sexual harassment of the insured's current or former employees.