If an incident has already occurred and is added to the risk register, what do we set the level of likelihood to? Do we calculate the likelihood of the impact of the risk re-occurring or set it to having a high likelihood as it's already occurred?
First of all, you should record an incident in the Incident log, not in the Risk register - the purpose of Incident log is to record all the incidents from the past, while Risk register tries to anticipate the incidents from the future.
If an incident has already happened in the bust, then it has a much higher chance of happening in the future.
These materials will also help you regarding risk assessment:
- book ISO 27001 Risk Management in Plain English https://advise ra.com/books/iso-27001-risk-management-in-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/