The practice of labelling information by sensitivity so that the right level of protection is applied to each category.
Data classification sorts information into levels, for example public, internal, confidential, and restricted, based on how sensitive it is and the harm that disclosure would cause. Each level is tied to handling rules for storage, sharing, and disposal.
Classification is foundational because it lets an organization focus the strongest controls on the most sensitive data rather than treating everything the same.
Related frameworks
KaitoSec