There are several techniques you can use to identify risks. These include SWOT analysis, PESTEL analysis, Scenario Analysis, and others. System based risk identification is a good way to determine cyber risks as it involves assessing the threats and vulnerability for each system. The best approach is using a combination of techniques as it will provide a more comprehensive list of potential risks.