Understanding what information resides on which systems—and how it's protected—is fundamental to measuring and managing cyber risk. In large, federated environments, IT inventory spans devices, applications, and vendor products, making accurate discovery, classification, and assessment a significant challenge. This session explores strategies and tools for automating inventory discovery, assigning ownership, classifying by data type, and continuously assessing risk. We’ll cover practical workflows for integrating automated asset discovery with vulnerability management across the UT system, as well as approaches for application and vendor risk management including transitioning from HECVAT v3 to v4. Attendees will learn how to scale risk management efforts, leverage automation to reduce manual overhead, and report meaningful insights to both operational teams and leadership. By streamlining inventory management and risk assessment, organizations can enhance security, build stakeholder confidence, and drive a prioritized approach to cyber risk mitigation. Attendees will learn to: 1. Implement automated inventory discovery and classification processes to improve visibility and risk assessment across a large, federated environment. 2. Leverage tools and workflows to integrate vulnerability management, vendor risk assessments, and application security into a unified risk management approach. 3. Develop effective reporting strategies to communicate inventory risk insights to operational teams and leadership, driving informed decision-making and prioritization.