Cyber Insurance & Security Glossary

Full disk encryption is the process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.

The File Transfer Protocol (FTP) is a legacy network protocol used for the transfer of files between two endpoints. This protocol is replaced by more secure methods like Secure File Transfer Protocol (SFTP) since it supports encryption.

A fill device is a COMSEC item used to transfer or store key in electronic form or to insert key into cryptographic equipment.

a surety bond, insurance policy, or an indemnity contract (when issued by an insurer), or similar guaranty types under which loss is payable upon proof of occurrence of financial loss to an insured claimant, obligee or indemnitee as a result of failure to perform a financial obligation or any other permissible product that is defined as or determined to be financial guaranty insurance.

insurance companies are required to maintain records and file annual and quarterly financial statements with regulators in accordance with statutory accounting principles (SAP). Statutory rules also govern how insurers should establish reserves for invested assets and claims and the conditions under which they can claim credit for reinsurance ceded.

a statute requiring motorists to show capacity to pay for automobile-related losses.

balance sheet and profit and loss statement of an insurance company. This statement is used by the NAIC, and by State Insurance Commissioners to regulate an insurance company according to reserve requirements, assets, and other liabilities.

A firewall is a network security device that monitors incoming and outgoing network traffic and makes decisions whether to allow or block specific traffic based on a defined set of rules.

A firewall control proxy is the component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination

Firmware consists of the programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution.

Flaw Hypothesis Methodology is the system analysis and penetration technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws.  This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide.  The prioritized list is used to perform penetration testing of a system

Flooding is an attack that attempts to cause a failure in a system by providing more input than the system can process properly.

Focused Testing is a test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Focused testing is also known as gray box testing.

an insurance company selling policies in a state other than the state in which they are incorporated or domiciled.

an investment in a foreign jurisdiction, or an investment in a person, real estate or asset domiciled in a foreign jurisdiction. An investment shall not be deemed to be foreign if the issuing person, qualified primary credits source or qualified guarantor is a domestic jurisdiction or a person domiciled in a domestic jurisdiction, unless: a) The issuing person is a shell business entity; and b) The investment is not assumed, accepted, guaranteed or insured or otherwise backed by a domestic jurisdiction or a person, that is not a shell business entity, domiciled in a domestic jurisdiction.

a jurisdiction outside of the United States, Canada or any province or political subdivision of the foregoing.

Forensic copy is an accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm

Forensic Examination is the investigation to evaluate, analyze organize, preserve, and document evidence, including digital evidence that helps identify the cause of an incident.

A forensic specialist is a professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered

Forensically clean describes digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.

Forensics is the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data

A forward cipher is one of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key.  The term “forward cipher operation” is used for TDEA, while the term “forward transformation” is used for DEA.

Freeware is an application, program, or software available for use at no cost

an arrangement in which a primary insurer acts as the insurer of record by issuing a policy, but then passes the entire risk to a reinsurer in exchange for a commission. Often, the fronting insurer is licensed to do business in a state or country where the risk is located, but the reinsurer is not.

The File Transfer Protocol (FTP) is a legacy network protocol used for the transfer of files between two endpoints. This protocol is replaced by more secure methods like Secure File Transfer Protocol (SFTP) since it supports encryption.

Full disk encryption is the process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product.

Fuzz testing (fuzzing) is a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks.

an aggregate of the accounting standards, principles and best practices for the preparation of financial statements allowing for consistency in reporting.

Get Nearest Server is a request packet sent by a client on an IPX network to locate the nearest active server of a particular type. An IPX network client issues a GNS request to solicit either a direct response from a connected server or a response from a router that tells it where on the inter-network the service can be located. GNS is part of the IPX SAP.

The gethostbyaddr is a DNS (Domain Name System) query that returns the Internet host name corresponding to an IP address

The gethostbyname is a DNS (Domain Name System) query that returns the name of the host corresponding to a Internet host name

The name GNU stands for “GNU’s Not Unix” (GNU is pronounced as g’noo). The development of GNU started in January 1984 and is known as the GNU Project. GNU is a Unix-like Operating System (OS), that comprises of many programs such as applications, libraries, developer tools, games. The GNU is available with source code that allows a user to run, copy, modify, distribute, study, change, and improve the software.

Gnutella is an open file sharing or peer-to-peer (P2P) network that was originally developed by Justin Frankel and Tom Pepper of Nullsoft in the early 2000. It was the first decentralized file sharing network that acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.

the difference between the cost of acquiring the entity and the reporting entity's share of the book value of the acquired entity

Governance is a system for directing and controlling an organization. It includes set of rules, processes, practices established to evaluate the options, needs, conditions of the stakeholders such as Management, Suppliers, financiers, customers, etc. It also includes framework for attaining the established goals of an organization, alongside achieving a balance between the goals of organization and interests of the stakeholders. It aims to protect the interests of the organization by protecting assets of the organization, and the interests of the creditors, customers.

Governance, Risk Management and Compliance is a comprehensive and integrated organization wide system for achieving the goals set in each areas namely governance, Risk management, and Compliance, and meet the regulatory standards and requirements.

Graduated security is a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics

act, repealing Glass-Steagal Act of 1933, allows consolidation of commercial banks, investment institutions and insurance companies. Established a framework of responsibilities of federal and state regulators for these financial industries. It permits financial services companies to merge and engage in a variety of new business activities, including insurance, while attempting to address the regulatory issues raised by such combinations.

amount of capital received in excess of the par value of the stock issued.

the net premium for insurance plus commissions, operating and miscellaneous commissions. For life insurance, this is the premium including dividends

an annuity contract that provides an accumulation based on both (1) funds that accumulate based on a guaranteed crediting interest rates or additional interest rate applied to designated considerations, and (2) funds where the accumulation vary in accordance with the rate of return of the underlying investment portfolio selected by the policyholder. The contract provides for the initiation of payments at some designated future date.

an annuity contract that provides an accumulation based on both (1) funds that accumulate based on a guaranteed crediting interest rates or additional interest rate applied to designated considerations, and (2) funds where the accumulation vary in accordance with the rate of return of the underlying investment portfolio selected by the policyholder. The contract provides for the initiation of payments at some interval that may vary, however the annuity payouts must begin within 13 months.

annuity contracts or portions thereof where the Insurer purchases an annuity for the retirees

a contract providing income for a specified period of time, or duration of life for a person or persons established to benefit a group of employees

A group authenticator is used sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.

a unique three to five digit number assigned by the NAIC to identify those companies that are part of a larger group of insurance companies.

contracts sold in connection with loan/credit transactions or other credit transactions, which do not exceed a stated duration and/or amount and provide insurance protection against death.

health insurance issued to employers, associations, trusts, or other groups covering employees or members and/or their dependents, to whom a certificate of coverage may be provided.

funding mechanism employed by states to provide funds to cover policyholder obligations of insolvent reporting entities.

A guard system is a mechanism limiting the exchange of information between information systems or subsystems

A guessing entropy is a measure of the difficulty that an Attacker has to guess the average password used in a system. In this document, entropy is stated in bits.  When a password has n-bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution

A Guideline is a general rule or a piece of advice required to follow in order to accomplish the set goals of an organization