The organized categorization of data based on potential harm from unauthorized access, alteration, or destruction. This foundational process helps choose appropriate security measures for data, ensuring its confidentiality, integrity, and availability.