Data Classification
Data classification labels data by sensitivity to apply correct security controls.
Updated: 2026-03-05
Definition
Data classification is the process of categorizing information by sensitivity (e.g., public, internal, confidential).
It helps define what protections are required: encryption, access controls, retention, and monitoring.
Key points
- Drives which controls are required
- Supports compliance and DLP policies
- Should be consistent and documented
Common mistakes
- Over-classifying everything (controls become unusable).
- No owner for classification updates and exceptions.
Related exams
Related terms
Want to practice this in exam-style questions?
Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.
Go to exams