Cyber Insurance & Security Glossary

A complete glossary of essential Cyber Security & Insurance terms.

  • FDE
    Full disk encryption is the process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.
  • File Transfer Protocol
    The File Transfer Protocol (FTP) is a legacy network protocol used for the transfer of files between two endpoints. It has been replaced by more secure methods such as Secure File Transfer Protocol (SFTP), which supports encryption.
  • Fill Device
    A fill device is a COMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment.
  • Financial Guaranty
    a surety bond, insurance policy, or an indemnity contract (when issued by an insurer), or similar guaranty types under which loss is payable upon proof of occurrence of financial loss to an insured claimant, obligee or indemnitee as a result of failure to perform a financial obligation or any other permissible product that is defined as or determined to be financial guaranty insurance.
  • Financial Reporting
    insurance companies are required to maintain records and file annual and quarterly financial statements with regulators in accordance with statutory accounting principles (SAP). Statutory rules also govern how insurers should establish reserves for invested assets and claims and the conditions under which they can claim credit for reinsurance ceded.
  • Financial Responsibility Law
    a statute requiring motorists to show capacity to pay for automobile-related losses.
  • Financial Statement
    balance sheet and profit and loss statement of an insurance company. This statement is used by the NAIC, and by State Insurance Commissioners to regulate an insurance company according to reserve requirements, assets, and other liabilities.
  • Firewall
    A firewall is a network security device that monitors incoming and outgoing network traffic and makes decisions whether to allow or block specific traffic based on a defined set of rules.
  • Firewall Control Proxy
    A firewall control proxy is the component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination.
  • Firmware
    Firmware consists of the programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution.
  • Flaw Hypothesis Methodology
    Flaw Hypothesis Methodology is the system analysis and penetration technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system.
  • Flooding
    Flooding is an attack that attempts to cause a failure in a system by providing more input than the system can process properly.
  • Focused Testing
    Focused Testing is a test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Focused testing is also known as gray box testing.
  • Foreign Insurer
    an insurance company selling policies in a state other than the state in which they are incorporated or domiciled.
  • Foreign Investment
    an investment in a foreign jurisdiction, or an investment in a person, real estate or asset domiciled in a foreign jurisdiction. An investment shall not be deemed to be foreign if the issuing person, qualified primary credits source or qualified guarantor is a domestic jurisdiction or a person domiciled in a domestic jurisdiction, unless: a) The issuing person is a shell business entity; and b) The investment is not assumed, accepted, guaranteed or insured or otherwise backed by a domestic jurisdiction or a person, that is not a shell business entity, domiciled in a domestic jurisdiction.
  • Foreign Jurisdiction
    a jurisdiction outside of the United States, Canada or any province or political subdivision of the foregoing.
  • Forensic Copy
    A forensic copy is an accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity have been verified using an accepted algorithm.
  • Forensic Examination
    Forensic Examination is the investigation to evaluate, analyze, organize, preserve, and document evidence, including digital evidence, that helps identify the cause of an incident.
  • Forensic Specialist
    A forensic specialist is a professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered
  • Forensically Clean
    Forensically clean describes digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.
  • Forensics
    Forensics is the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data
  • Forward Cipher
    A forward cipher is one of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key. The term “forward cipher operation” is used for TDEA, while the term “forward transformation” is used for DEA.
  • Freeware
    Freeware is an application, program, or software available for use at no cost
  • Fronting
    an arrangement in which a primary insurer acts as the insurer of record by issuing a policy, but then passes the entire risk to a reinsurer in exchange for a commission. Often, the fronting insurer is licensed to do business in a state or country where the risk is located, but the reinsurer is not.
  • FTP
    The File Transfer Protocol (FTP) is a legacy network protocol used for the transfer of files between two endpoints. It has been replaced by more secure methods such as Secure File Transfer Protocol (SFTP), which supports encryption.
  • Full Disk Encryption
    Full disk encryption is the process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.
  • Fuzzing
    Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks.
  • Generally Accepted Accounting Principle (GAAP)
    an aggregate of the accounting standards, principles and best practices for the preparation of financial statements allowing for consistency in reporting.
  • Get Nearest Server
    Get Nearest Server is a request packet sent by a client on an IPX network to locate the nearest active server of a particular type. An IPX network client issues a GNS request to solicit either a direct response from a connected server or a response from a router that tells it where on the inter-network the service can be located. GNS is part of the IPX SAP.
  • Gethostbyaddr
    The gethostbyaddr is a DNS (Domain Name System) query that returns the Internet host name corresponding to an IP address
  • Gethostbyname
    The gethostbyname is a DNS (Domain Name System) query that returns the name of the host corresponding to an Internet host name.
  • GNU
    The name GNU stands for “GNU’s Not Unix” (GNU is pronounced as g’noo). The development of GNU started in January 1984 and is known as the GNU Project. GNU is a Unix-like Operating System (OS) that comprises many programs such as applications, libraries, developer tools, and games. GNU is available with source code that allows a user to run, copy, modify, distribute, study, change, and improve the software.
  • Gnutella
    Gnutella is an open file sharing or peer-to-peer (P2P) network that was originally developed by Justin Frankel and Tom Pepper of Nullsoft in early 2000. It was the first decentralized file sharing network that acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.
  • Goodwill
    the difference between the cost of acquiring the entity and the reporting entity's share of the book value of the acquired entity
  • Governance
    Governance is a system for directing and controlling an organization. It includes a set of rules, processes, and practices established to evaluate the options, needs, and conditions of stakeholders such as management, suppliers, financiers, customers, etc. It also includes a framework for attaining the established goals of an organization while balancing those goals against the interests of the stakeholders. It aims to protect the interests of the organization by protecting the assets of the organization and the interests of its creditors and customers.
  • Governance, Risk Management and Compliance
    Governance, Risk Management and Compliance is a comprehensive and integrated organization-wide system for achieving the goals set in each of its areas, namely governance, risk management, and compliance, and for meeting regulatory standards and requirements.
  • Graduated Security
    Graduated security is a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics
  • Gramm-Leach Bliley Act (GLBA)
    act, repealing Glass-Steagall Act of 1933, allows consolidation of commercial banks, investment institutions and insurance companies. Established a framework of responsibilities of federal and state regulators for these financial industries. It permits financial services companies to merge and engage in a variety of new business activities, including insurance, while attempting to address the regulatory issues raised by such combinations.
  • Gross Paid-In and Contributed Surplus
    amount of capital received in excess of the par value of the stock issued.
  • Gross Premium
    the net premium for insurance plus commissions, operating and miscellaneous commissions. For life insurance, this is the premium including dividends
  • Group Annuities- Deferred Non-Variable and Variable
    an annuity contract that provides an accumulation based on both (1) funds that accumulate based on a guaranteed crediting interest rate or additional interest rate applied to designated considerations, and (2) funds where the accumulation varies in accordance with the rate of return of the underlying investment portfolio selected by the policyholder. The contract provides for the initiation of payments at some designated future date.
  • Group Annuities- Immediate Non-Variable and Variable
    an annuity contract that provides an accumulation based on both (1) funds that accumulate based on a guaranteed crediting interest rate or additional interest rate applied to designated considerations, and (2) funds where the accumulation varies in accordance with the rate of return of the underlying investment portfolio selected by the policyholder. The contract provides for the initiation of payments at some interval that may vary; however, the annuity payouts must begin within 13 months.
  • Group Annuities- Unallocated
    annuity contracts or portions thereof where the Insurer purchases an annuity for the retirees
  • Group Annuity
    a contract providing income for a specified period of time, or duration of life for a person or persons established to benefit a group of employees
  • Group Authenticator
    A group authenticator is used sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.
  • Group Code
    a unique three to five digit number assigned by the NAIC to identify those companies that are part of a larger group of insurance companies.
  • Group Credit-Life
    contracts sold in connection with loan/credit transactions or other credit transactions, which do not exceed a stated duration and/or amount and provide insurance protection against death.
  • Group Health
    health insurance issued to employers, associations, trusts, or other groups covering employees or members and/or their dependents, to whom a certificate of coverage may be provided.
  • Guaranty Fund
    funding mechanism employed by states to provide funds to cover policyholder obligations of insolvent reporting entities.
  • Guard System
    A guard system is a mechanism limiting the exchange of information between information systems or subsystems
  • Guessing Entropy
    Guessing entropy is a measure of the difficulty that an attacker has in guessing the average password used in a system. In this document, entropy is stated in bits. When a password has n bits of guessing entropy, an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.
  • Guideline
    A Guideline is a general rule or a piece of advice to be followed in order to accomplish the set goals of an organization.