Kendall Morris, Author at risk3sixty

About Kendall Morris

Kendall is a Senior Analyst and Cyber Risk Advisory specialist for risk3sixty where he helps to implement business-first offensive and defensive security strategies. Kendall holds a B.B.A in Information Security and Assurance from Kennesaw State University. Kendall is a CISA, certified AICPA SOC for Service Organizations practitioner, and HITRUST Certified CSF Practitioner.

Designing an Incident Response Program

Incident response is a critical aspect of any security program. A well-designed incident response program can greatly decrease the cost of a security incident or data breach. Additionally, it is [...]

By Kendall Morris|2020-09-09T21:36:27+00:00September 4th, 2020|Cyber Risk Management|0 Comments

ISO 27001 vs SOC 2: Choosing a Compliance Framework

In a previous blog post, we discussed the differences between SOC 2 vs ISO 27001. In this post, we will look at the factors affecting the decision of choosing which [...]

By Kendall Morris|2020-09-09T21:24:19+00:00August 3rd, 2020|ISO 27001 Compliance, SOC Reporting|0 Comments

SOC 2 vs ISO 27001: What’s The Difference?

Navigating the ins and outs of two of the most popular compliance frameworks. When it comes to vendor due diligence, many companies are raising the bar. This article will help [...]

By Kendall Morris|2020-08-04T12:33:07+00:00July 13th, 2020|ISO 27001 Compliance, SOC Reporting|0 Comments

Common Misconceptions About the ISO 27001 Framework

Answering some of the most commonly asked questions around ISO 27001 implementation. At risk3sixty, we have helped many clients implement ISO 27001. Through this work, we have pinpointed a few [...]

By Kendall Morris|2020-08-25T14:32:21+00:00June 8th, 2020|CISO Discussions, ISO 27001 Compliance|0 Comments

Securing the Work-from-Home Environment During COVID-19

Tips for security administrators during the COVID-19 pandemic We have seen a massive increase in the number of employees working from home due to the COVID-19 pandemic. System administrators must [...]

By Kendall Morris|2020-08-25T15:40:54+00:00April 7th, 2020|Cyber Risk Management, News and Events|0 Comments

How to Read a HITRUST Validated Assessment

Understanding the results of a HITRUST engagement and how to use them. During your vendor due diligence process, a vendor sends you their HITRUST report. What exactly does this report [...]

By Kendall Morris|2020-08-25T15:40:54+00:00March 4th, 2020|HITRUST, IT Audit and Compliance|0 Comments

Performing Effective User Access Reviews

Correcting mistakes that arise in the day-to-day management of access control. Organizations can take many steps to manage access, such as adopting documented registration and de-registration processes, maintaining a [...]

By Kendall Morris|2020-10-13T16:02:03+00:00January 6th, 2020|Cyber Risk Management, IT Audit and Compliance, Regulatory Compliance|2 Comments

How to Create Effective Policies

How to leverage information security policies into leveling up your security program. People often regard information security policy as a "check-the-box" compliance initiative. Many organizations will copy a policy [...]

By Kendall Morris|2020-08-25T15:40:53+00:00December 16th, 2019|CISO Discussions, Cyber Risk Management, ISO 27001 Compliance, IT Audit and Compliance, SOC Reporting|1 Comment

Managing an Organization’s Passwords

How to keep the keys to the kingdom from escaping the kingdom. Proper password management is a huge step that an organization can take to strengthen security. It also addresses [...]

By Kendall Morris|2020-01-23T16:17:32+00:00October 28th, 2019|Cyber Risk Management, ISO 27001 Compliance, IT Audit and Compliance, Penetration Testing|0 Comments