Business owners and government entities face operational, financial, and/or regulatory risk due to an inability to adequately organize, understand, classify, evaluate and/or control rapidly-expanding amounts of data. This inability has reached a near-crisis level in many enterprises, due not only to technical and economic drivers, but also to an increasing number of regulatory requirements. These regulatory requirements include (1) Sarbanes-Oxley Act (SOX), which mandates demonstrable audit controls; (2) Gramm-Leach Bliley Act (GLB), which mandates restrictions on access to customer data; (3) Health Insurance Portability and Accountability Act (HIPAA), which mandates privacy of health-related records; and (4) California Data Security Breach Information Act (California SB-1386), which mandates disclosure to end users of breaches of California customer information, even if the data is not kept in California. In conventional data security models, each new control regime increases the amount of data that is required for business use by providing “uniform” but inappropriate protection to all assets. These known data security models rely on costly and numerous security services, mechanisms, or objects that are extrinsic to the data, or on the data itself. Conventional methods for addressing data organization, classification, evaluation, and control issues rely on non-integrated processes and manual intervention, which require large numbers of people skilled and knowledgeable in these data-related areas, elaborate accuracy and checking methods, and substantial amounts of time. Further, known data security methods have an inherent value dichotomy because a single data safeguard is protecting both high-value and low-value data. For example, a firewall that costs a considerable amount to deploy and maintain seeks to protect both high-value and low-value interior data, thereby providing too much protection to the data with the lowest value while being unable to provide enough protection to the data with the highest value. Still further, known data classification schemes classify information in bulk using static, inflexible, user-subjective classifications in a small range of categories (e.g., Confidential, Secret, Proprietary, etc.). Thus, there exists a need to overcome at least one of the preceding deficiencies and limitations of the related art.