Applies a value relative to how sensitive and critical the information is as defined by the organization which will determine what level of information protection controls will be applied to information collected, maintained, retained, used, and disposed of when no longer needed.
a) Data sensitivity analysis
b) Data encryption
c) Data classification
d) Data anonymization