To see examples of associated assets, threats, and vulnerabilities, please see:
- Checklist of cyber threats & safeguards when working from home https://info.advisera.com/27001academy/free-download/checklist-of-cyber-threats-and-safeguards-when-working-from-home
- Diagram of ISO 27001:2013 Risk Assessment and Treatment process https://info.advisera.com/27001academy/free-download/diagram-of-iso-270012013-risk-assessment-and-treatment-process
Regarding what you should choose from our list of threats and vulnerabilities, the best approach is to ask the people who work depending on this cloud software what their biggest concerns are, because from that you can identify which assets, threats, and vulnerabilities to consider.
For example, if they are concerned with losing data, then the assets where data is stored must be considered, as well as threats and vulnerabilities that can impact these assets vulnerabilities.
For further information, see:
- Risk assessment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment