Cyber Insurance & Security Glossary

A Hacker is a term used for an expert computer programmer who tries to gain unauthorized access into a network or computer systems with  intent.

Hacktivism is the term used to describe hacking activity that’s typically for political and social purposes, attacking corporations, governments, organizations and individuals

High Assurance Guard is an enclave boundary protection device that controls access between a local area network that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance. A guard that has two basic functional capabilities:  a Message Guard and a Directory Guard.  The Message Guard provides filter service for message traffic traversing the Guard between adjacent security domains.  The Directory Guard provides filter service for directory access and updates traversing the Guard between adjacent security domains.

Handshaking procedures are the dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another.

A hard copy key is physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories.

a market characterized by high demand and low supply

The process of securing a system.

Hardware is the physical components of an information system. See also Software and Firmware

A hardwired key is a permanently installed key.

Hash-based Message Authentication Code is a message authentication code that uses a cryptographic key in conjunction with a hash function.

A Hash Function is a function that is used to map data of arbitrary size to a data of a known or fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes

A cryptographic hash function is a kind of hash function where it is practically impossible to recreate the input data from its hash value alone. The input data is referred to as the ‘message’, and the hash value is called the ‘message digest’ or the ‘digest’. The result of this hash function can be used to validate if a larger file has been changed, without comparing the larger files. Examples of frequently used hash functions are MD5 and SHA1.

A Hash Total is a method of verifying the accuracy of data; it includes adding up the data in different fields including fields, which have no significance such as account numbers, etc. The sum thus arrived should be the same as original, a mismatch in the totals indicates an error.

A hash value is the result of applying a cryptographic hash function to data (e.g., a message).

Hashing is generating a value or values from a string of text using a mathematical function.

circumstance which tends to increase the probability or severity of a loss.

A Header refers to the additional data at the beginning of a chunk of data (or packet) being stored or transmitted. The data that follows the header is called the payload or body. Note that it is important that the header is of clear and unambiguous format to allow for parsing.

A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses information from the operating system audit records occurring on the host. These operations are then compared to a pre-defined security policy norm. This analysis of the audit trail forces significant overhead requirements on the system due to the increased amount of processing power which must be utilized by the intrusion detection system. Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability.

High Assurance Guard is an enclave boundary protection device that controls access between a local area network that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance. A guard that has two basic functional capabilities:  a Message Guard and a Directory Guard.  The Message Guard provides filter service for message traffic traversing the Guard between adjacent security domains.  The Directory Guard provides filter service for directory access and updates traversing the Guard between adjacent security domains.

High availability is a failover feature to ensure availability during device or component interruptions.

High impact is the loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in major damage to organizational assets; 3) results in major financial loss; or 4) results in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries).

A high impact system is an information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high. An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of high.

A Hijack Attack is a form of active wiretapping in which the attacker seizes control of a previously established communication association

Hijacking is a network security attack by which the intruder takes control of a connection, while a session is in progress. The intruder gains unauthorized access to the information.

Hash-based Message Authentication Code is a message authentication code that uses a cryptographic key in conjunction with a hash function.

Hoaxes are reports of false and unsubstantiated claims, in an attempt to trick or defraud users.

A risk transfer mechanism whereby one party assumes the liability of another party by contract

HoneyClient is a web browser-based high interaction client honeypot designed by Kathy Wang in 2004 and subsequently developed at MITRE. It was the first open source client honeypot and is a mix of Perl, C++, and Ruby. HoneyClient is state-based and detects attacks on Windows clients by monitoring files, process events, and registry entries.

A honeymonkey is an automated program that imitates a human user to detect and identify websites which exploit vulnerabilities on the Internet. It is also known as Honey Client.

A honeypot is a computer security mechanism set to detect, deflect, or counteract attempts at unauthorized use of information system.

A hop occurs each time that a data packet is passed from one device (source) to the next device (destination). Data packets pass through bridges, routers, and gateways on the way.

A network host is a computer or other device connected to a computer network. A network host is a network node that is assigned a network layer host address. A network host may offer information resources, services, and applications to users or other nodes on the network

A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses information from the operating system audit records occurring on the host. These operations are then compared to a pre-defined security policy norm. This analysis of the audit trail forces significant overhead requirements on the system due to the increased amount of processing power which must be utilized by the intrusion detection system. Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability.

A hot site is a fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption. Backup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on.  Desks will have desktop PCs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. Within a few hours, a hot site can become a fully functioning element of an organization.

A hot wash is a debrief conducted immediately after an exercise or test with the staff and participants.

Hypertext Markup Language (HTML) is a set of markup symbols or codes that are inserted in a file intended for display on a World Wide Web (WWW) browser page. These markup states the browser how to display a web page to the user.

HTTP is the underlying protocol used by the World Wide Web (WWW). This protocol defines how messages are formatted and transmitted on the Internet and what actions web servers and browsers should take in response to various commands.

An HTTP Proxy is a server that receives requests from your web browser and then, requests the Internet on your behalf. It then returns the results to your browser.

HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is an Internet protocol used for secure communication over a computer network. HTTPS is very important over insecure networks (such as public WiFi), as anyone on the same local network can discover sensitive information not protected by HTTPS. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer.

Malware and other threats can hide in the encrypted traffic from trusted websites. HTTPS scanning decrypts, scans and then re-encrypts this data.

A hub is a network device that is a common connection point for devices in a network. These are commonly used to connect segments of a LAN. A hub contains multiple ports. When a data packet is received at one port, it is transmitted to the other ports on the hub

A hybrid attack is a blend of both a dictionary attack method as well as brute force attack. This means that while a dictionary attack method would include a wordlist of passwords, the brute-force attack would be applied to each possible password in that list.

Hybrid encryption is a method of encryption that combines two or more encryption algorithms or systems. This method merges asymmetric and symmetric encryption in order to derive benefit from the strengths of each form of encryption. These strengths include speed and security respectively.

Hybrid security control is a security control that is implemented in an information system in part as a common control and in part as a system-specific control

A hyperlink (usually highlighted by color or underscoring) could be a word, a phrase, or an image that refers to data or related information that the user can directly follow either by clicking or by hovering. A hyperlink points to a whole document or to a specific element within a document while a hypertext is text with hyperlinks.

Hypertext Markup Language (HTML) is a set of markup symbols or codes that are inserted in a file intended for display on a World Wide Web (WWW) browser page. These markup states the browser how to display a web page to the user.

HTTP is the underlying protocol used by the World Wide Web (WWW). This protocol defines how messages are formatted and transmitted on the Internet and what actions web servers and browsers should take in response to various commands.

Internet identity (IID) or internet persona is a social identity that an Internet user creates on online communities and websites. While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms

An incident is an unplanned disruption or degradation of a network or system service and needs to be resolved immediately. An example of an incident is a server crash that causes a disruption in the business process. However, if the disruption is planned, say, a scheduled maintenance, it is not an incident

Incident handling is an action plan developed (by an organisation or individual) to counteract intrusions, cyber-theft, denial of service, fire, flood, and any other security-related events. It comprises of six process steps: preparation, identification of attack, containment of attack, eradication, recovery, and analysis (lessons learned documentation).

An organized approach to address and manage the aftermath of a cyber attack or an incident. The goal is to limit damage and reduce recovery time and costs.

a life insurance and annuity provision limiting the time within which the insurer has the legal right to void the contract on grounds of material misrepresentation in the policy application

An incremental backup provides a backup of only those files that have changed, modified, or are new since the last backup. Incremental backups are often desirable as they consume minimum storage and are quicker to perform than differential backups.

(Pure IBNR) claims that have occurred but the insurer has not been notified of them at the reporting date. Estimates are established to book these claims. May include losses that have been reported to the reporting entity but have not yet been entered into the claims system or bulk provisions. Bulk provisions are reserves included with other IBNR reserves to reflect deficiencies in known case reserves. IBNR can sometimes include estimates of incurred but Not Enough Reported (IBNER)

paid claims plus amounts held in reserve for those that have been incurred but not yet paid.