Need advice for carrying out a risk assessment

[2nce]

Hello, I am currently required to carry out an information security risk assessment using the ISO 27005 standard for the Equifax data breach that occurred in 2015, The Equifax Breach: What You Should Know — Krebs on Security.

As far as I am aware, the risk assessment process is generally divided into three sections. First, risk identification. Followed by risk analysis and lastly risk evaluation.

I am currently working on the risk identification section and would appreciate any assistance on methods or techniques I can use to identify suitable assets, threats, vulnerabilities and controls.

Thanks in advance!

*Edit:- Just wanted to make it clear that I'm not asking for the actual assets, threats, vulnerabilities or controls but rather ways of finding them.

 

[Sunshine-boy]

I don't think if anyone here can assist you.
Ask your question here:
Information Security Stack Exchange

 

[2nce]

I don't think if anyone here can assist you.
Ask your question here:
Information Security Stack Exchange

Thanks will try my luck there!

 

[Jimbo791]

I dont mind people collecting data, but asking others to do there job is just a little much

 

[2nce]

I dont mind people collecting data, but asking others to do there job is just a little much

I'm really sorry but that wasn't my intention at all. I have already been trying to find information for each but what I've got so far is fairly limited. The only assets I've discovered are the customers personal data and Equifax's web application that was targeted. What I'm mainly looking for is any methods of finding assets, not the actual assets themselves.