Data Classification Overview

Data classification is a foundational step in cybersecurity risk management. It involves identifying the types of data that are processed and stored in an information system owned or operated by an organization. It also involves determining the sensitivity of the data and the likely impact should the data face compromise, loss, or misuse.

To ensure effective risk management, organizations should aim to classify data by working backwards from the contextual use of the data and creating a categorization scheme that takes into account whether a given use case results in significant impact to an organization’s operations (e.g., whether the data must remain confidential, retain its integrity, and/or remain available).

As used in this document, the term “classification” implies a holistic approach inclusive of taxonomy, schemes, and categorization of data for confidentiality, integrity, and availability.