Steganography is the practice of hiding a secret message within an ordinary file so that the existence of the message is concealed. Unlike encryption, which protects the content of a message, steganography hides the fact that a message exists at all.
Attackers use steganography to exfiltrate data without triggering DLP tools. The hidden data travels inside legitimate-looking files that blend into normal traffic. Security teams use steganography detection tools as part of their data loss prevention strategy.
CISSP Relevance
Steganography appears in Domain 3 (Security Architecture and Engineering) within the cryptography section. CISSP candidates must understand steganography as a data hiding technique distinct from encryption and recognize its use in both legitimate communications and malicious data exfiltration.
External reference: NIST Glossary, "Steganography"
Related terms: Cryptography, Data Loss Prevention