Cyber Insurance & Security Glossary

Distributed Denial of Service (DDoS) is a type of denial of service (DOS) attack where multiple compromised systems, are used to attack a single system causing an outage.

Device control helps you control the use of removable storage, optical media drives and wireless networking protocols

A Digital Certificate is an electronic "password" that allows a person, organization to exchange data securely over the Internet using the public key infrastructure (PKI).

Digital evidence is electronic information stored or transferred in digital form.

Digital Forensics is the process of procuring, analyzing, interpreting electronic data for the purpose of presenting it in as an acceptable evidence in a legal proceedings in a court of law.

loss whereby the proximate cause is equivalent to the insured peril.

Damage to covered real or personal property caused by a covered peril.

an insurance company that sells policies to the insured through salaried representatives or exclusive agents only; reinsurance companies that deal directly with ceding companies instead of using brokers

total premiums received by an insurance company without any adjustments for the ceding of any portion of these premiums to the Reinsurer.

liability coverage protecting directors or officers of a corporation from liability arising out of the performance of their professional duties on behalf of the corporation.

A sudden event, catastrophe caused by the forces of nature or by a human error that result in serious damages to the nature, society, human life, and property. Disaster in business or commercial sense disable an enterprise from delivering the essential tasks for a specified period; for organizations disasters may result in loss of resources, assets, including data

A Disaster Recovery Plan (DRP) or a Business Continuity Plan (BCP) prescribes steps required to carry on the business as usual in the event of a disaster. Disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time; such efforts require an in

Discretionary Access Control is a security measure, by which the owner can restrict the access of the resources such as files, devices, directories to specific subjects or users or user groups based on their identity. It is the discretion of owner to grant permit or restrict users from accessing the resources completely or partially

Disk imaging is the process of generating a bit-for-bit copy of the original media, including free space and slack space.

A disruption is unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).

a refund of a portion of the premium paid by the insured from insurer surplus.

The Domain Name System (DNS) is the phone book of the Internet. It allows computers to translate website names into IP address numbers so that they can communicate with each other.

Domain Name System (DNS) Exfiltration is a difficult to detect lower level attack on DNS servers to gain unauthorized access. Such attach attacks lead to loss of data that range from simple to complex in nature and importance.

DNS hijacking is a type of malicious attack in which an individual redirect queries to a domain name server (DNS).

Document malware takes advantage of vulnerabilities in applications that let you read or edit documents.

The Domain Name System (DNS) is the phone book of the Internet. It allows computers to translate website names into IP address numbers so that they can communicate with each other.

A domain name system is a distributed system that internet servers follow to convert alphabetical domain names into numerical IP addresses. Internet servers follow a numerical IP addresses system, and to remember the numerical values of many domains is a difficult task, so domains use alphabetical address. Every time user types in an alphabetical domain name, the DNS helps internet by converting the alphabetical domain name into a numerical IP address.

Domain Name System (DNS) Exfiltration is a difficult to detect lower level attack on DNS servers to gain unauthorized access. Such attach attacks lead to loss of data that range from simple to complex in nature and importance.

an insurance company that is domiciled and licensed in the state in which it sells insurance.

A Disaster Recovery Plan (DRP) or a Business Continuity Plan (BCP) prescribes steps required to carry on the business as usual in the event of a disaster. Disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time; such efforts require an in

Insurance that protects the creditor's and the debtor's interest in the collateral securing the debtor's credit transaction. "Dual Interest" includes insurance commonly referred to as "Limited Dual Interest."

A dual-use certificate is a certificate that is intended for use with both digital signature and data encryption services

Due Care is the degree of care a rational person would exercise in similar situations as the one at hand. Alternatively known as ordinary care or reasonable care is a test of a person’s preparedness to act, be responsible or neglectful of responsibility

Due Diligence is the process of conducting a thorough and detailed investigation, to verify the truthfulness of the information provided in the statements for analysis and review before committing to a transaction. It is a measure of prudence, a rational person would undertake before taking a final decision.

Duplicate digital evidence is a duplicate that is  an accurate digital reproduction of all data objects contained on the original physical item and associated media.

a special form of package policy composed of dwelling fire and/or allied lines, and personal liability insurance.

Dynamic Ports are otherwise known as private ports, these ports ranging from port number 49,152 to 65, 535 do not need any registration; these ports help any computer application communicate with any other application or program that uses transmission control protocol (TCP) or the User Datagram Protocol (UDP).

The process of conducting any kind of business transaction or a commercial transaction electronically with the help of internet is termed as E-commerce. Internet enables sellers to accept orders and payments online

E-Government is the U.S. government use of Web-based Internet applications and other information technology

An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign.

a system designed by insurance industry regulators of identifying practices and risk-related trends that contribute to systemic risk by measuring insurer' financial stability

premium amount insurer reasonably expects to receive for which contracts are not yet final and exact amounts are not definite.

portion of insured's prepaid premium allocated to the insurance company's loss experience, expenses, and profit year- to -date

An Easter Egg is the hidden functionality within an application program, which becomes activated when an undocumented set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening.

Eavesdropping is the practice of listening, intercepting, or monitoring private communication between users or user groups without their knowledge or permission.

coverage to protect against losses arising out of damage to or destruction of electronic data processing equipment and its software

date at which an insurance policy goes into force.

Egress in general means to go out; in information technology, it is defined as the network traffic moving out of the network to the final destination with the help of devices such as routers, etc.

Egress filtering is the filtering of outgoing network traffic.

Electronic Key Entry is the entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device.

An electronic key management system is an Interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.

An electronic signature, or e-signature, refers to data in electronic form, which is logically associated with other data in electronic form and which is used by the signatory to sign.

An electronically generated key is a key generated in a COMSEC device by mechanically or electronically introducing a seed key into the device and then using the seed in conjunction with a software algorithm stored in the device to produce the desired key.

Elliptical Curve Cryptography is a technique that uses elliptical curve equation to create cryptography keys; keys generated by this theory are much smaller, faster, and efficient, as well! This modern technique keeps the decryption key private, while the encryption key is public. Unlike traditional methods of generating cryptography keys such as RSA, elliptical curve technique uses discrete algorithms making it difficult to decipher the keys or challenge the keys.

Email malware refers to malware that is distributed via email.

Embedded cryptography is cryptography engineered into an equipment or system whose basic function is not cryptographic.

liability protection for an employer for claims arising from provisions in an employee benefit insurance plan provided for the economic and social welfare of employees. Examples of items covered are pension plans, group life insurance, group health insurance, group disability income insurance, and accidental death and dismemberment

employers' liability coverage for the legal liability of employers arising out of injuries to employees. This code should be used when coverage is issued as an endorsement, or as part of a statutory workers' compensation policy.

liability insurance for employers providing coverage for wrongful termination, discrimination, or sexual harassment of the insured's current or former employees.