The process of categorizing data based on its sensitivity level and the impact of unauthorized disclosure, guiding appropriate security controls.