Cyber Insurance & Security Glossary

An Encapsulation Security Payload is an IPSec protocol that offers mixed security in the areas of authentication, confidentiality, and integrity for Ipv4 and ipv6 Network packets. Encapsulation Security Payload offers data integrity and protection services by encrypting data, anti-replay, and preserving it in its assigned IP.

To encipher is to convert plain text to cipher text via a cryptographic system

To convert into a coded form.

A method where plaintext (or any other type of readable data) is converted into an encoded version which can only be decoded by another entity if they have the decryption key. Encryption is an excellent way to secure data that’s transmitted across networks.

An encryption algorithm is a set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key

An encryption certificate is a certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes

An Encryption Key is a code of variable value developed with the help of encryption algorithm to encrypt and decrypt information.

An end cryptographic unit is a device that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted.

End-to-end encryption describes communications encryption in which data is encrypted when passing through a network with the routing information still visible

an amendment or rider to a policy adjusting the coverages and taking precedence over the general contract

Endpoint security or Endpoint Protection is the process of securing the various endpoints on a network.

The total number of plans, not the total number of covered lives, providing coverage to the enrollee and their dependents.

An enterprise is an organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.

The enterprise architecture is the description of an enterprise’s entire set of information systems:  configuration, integration and how they interface. Enterprise architecture also describes how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.

Entrapment is the deliberate planting of apparent flaws in an information system with the intent to detect attempted penetrations

a fixed annuity that earns interest or provides benefits that are linked to an external reference or equity index, subject to a minimum guarantee.

Eradication is an important function of the incident management process that follows the containment of an incident. Upon identifying and controlling the incident in the containment stage, eradication helps identify and remove the root cause of the incident completely from the system and avoid any chances of recurrences of the incident.

liability coverage of a professional or quasi professional insured to persons who have incurred bodily injury or property damage, or who have sustained any loss from omissions arising from the performance of services for others, errors in judgment, breaches of duty, or negligent or wrongful acts in business conduct.

Ethernet is the most popular Local Area Network (LAN) technology that specifies cabling and signalling system for home networks or for organizations. Ethernet uses BUS topology to support data transfers and Carrier sense multiple access/ collision detection (CSMA/CD) system to process requests at the same time

An Event is an action or an occurrence that a program can detect. Examples of some events are clicking of a mouse button or pressing the key, etc.

Evidence is documents, records or any such objects or information that helps prove the facts in a case.

liability coverage of an insured above a specific amount set forth in a basic policy issued by the primary insurer; or a self insurer for losses over a stated amount; or an insured or self insurer for known or unknown gaps in basic coverages or self insured retentions

loss sharing mechanism where an insurer pays all claims up to a specified amount and a reinsurance company pays any claims in excess of stated amount.

either specific and/or aggregate excess workers' compensation insurance written above an attachment point or self-insured retention.

An exercise key is cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises

percentage of premium income used to attain and service policies. Derived by subtracting related expenses from incurred losses and dividing by written premiums

rating system where each group is rated entirely on the basis of its own expected claims in the coming period, with retrospective adjustments for prior periods. This method is prohibited under the conditions for federal qualification.

An exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability the system offers to intruders.

An exploit code is a program that allows attackers to automatically break into a system.

An exploitable channel is a channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base.

An external network is a network not controlled by the organization.

risk of possible loss

External security testing is security testing conducted from outside the organization’s security perimeter.

a type of property insurance for extraordinary expenses related to business interruption such as a back-up generator in case of power failure.

the value of a policy to be provided upon maturity date or death.

reinsurance for a specific policy for which terms can be negotiated by the original insurer and reinsurer

A failover is a process of switching to a redundant system in the event of a system-wide failure.

A Fail Safe is the automatic protection of programs and/or processing systems when hardware or software failure is detected.

Fail soft is the elective termination of affected nonessential processing when hardware or software failure is determined to be imminent.

the amount at which an asset (or liability) could be bought (or incurred) or sold (or settled) in a current transaction between willing parties, that is, other than in a forced or liquidation sale. Quoted market prices in active markets are the best evidence of fair value and shall be used as the basis for the measurement, if available. If a quoted market price is available, the fair value is the product of the number of trading units times market price.

Fake antivirus malware reports non-existent threats in order to scare the user into installing malicious software and/or paying for unnecessary product registration and cleanup.

A false positive is an alert that incorrectly indicates that malicious activity is occurring.

farmowners insurance sold for personal, family or household purposes. This package policy is similar to a homeowners policy, in that it has been developed for farms and ranches and includes both property and liability coverage for personal and business losses. Coverage includes farm dwellings and their contents, barns, stables, other farm structures and farm inland marine, such as mobile equipment and livestock.

The Federal Information System is an information system used or operated by an executive agency, a contractor of an executive agency, or by another organization on behalf of an executive agency

fees incurred but not yet paid

a bond or policy covering an employer's loss resulting from an employee's dishonest act (e.g., loss of cash, securities, valuables, etc.).

File encryption is the process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided

File name anomaly is a mismatch between the internal file header and its external extension. A File name anomaly is also a file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension).

File protection is the aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.

File security is the method in which access to computer files is limited to authorized users only.