In this chapter, we learned why you need to have a security culture in an organization, and how it relates to and is supported by an information protection strategy. Then, we discussed what data classification means and why it builds the foundation of every data security solution. During the general overview of data classification, we looked at the relevance of a data classification scheme and related policies. Finally, we saw a Microsoft AIP solution overview, which builds the technology base for the information-protection solution we'll create in the coming chapters. Using the knowledge you gained in this chapter, you'll be able to define your own classification schemes, rules, and policies. Furthermore, you know which areas are critical in a security culture and you can include the appropriate tasks into your projects.

In the next chapter, we will dive into our first practical experience with AIP: identifying and detecting sensitive data.