Risk assessment for Information security

There are many similarities between ISO 27001 and PCI-DSS, it can be useful for you. According to the requirement 12.2 of PCI-DSS, you need to implement a risk assessment process, so I suppose that you have a risk assessment methodology based on ISO 27005, OCTAVE, or similar. On this case, you can use the same methodology for the implementation of the ISO 27001 (for the risk assessment & treatment),  but thinking on assets related to information security (taking into account the scope of the ISMS). You can read these 2 articles about ISO 27001 and PCI-DSS “PCI-DSS vs. ISO 27001 Part 1 – Similarities and Differences” : https://advisera.com/27001academy/knowledgebase/pci-dss/ and “PCI-DSS vs. ISO 27001 Part 2 – Implementation and Certification”: https://advisera.com/27001academy/knowledgebase/pci-dss/
Regarding to the risk register, if you want, you can try our methodology, there are templates for that you want (you can see a free version of all templates clicking on “Free Demo” tab): https://advisera.com/27001academy/documentation/Risk-Assessment-and-Risk-Treatment-Methodology/