Kendall Morris, Author at risk3sixty

About Kendall Morris

Kendall is a Consultant and Cyber Risk Advisory specialist for risk3sixty where he helps to implement business-first offensive and defensive security strategies. Kendall holds a B.B.A in Information Security and Assurance from Kennesaw State University. Kendall is a CISA, certified AICPA SOC for Service Organizations practitioner, HITRUST Certified CSF Practitioner, AWS Certified Cloud Practitioner, and ISO 27001 Lead Implementer.

A GRC Tool is Not a GRC Program

A GRC tool can provide many benefits to your GRC program, as we’ve discussed before. However, before you go chasing shiny objects, you must understand what a GRC program is [...]

By Kendall Morris|2022-06-28T15:24:41+00:00June 14th, 2021|Cyber Risk Management|0 Comments

How to Provide Audit Evidence

So, you’ve been tasked with providing evidence for an audit. You may be wondering what your auditor is even looking for. Let’s take a look behind the scenes at why [...]

By Kendall Morris|2021-06-01T17:26:10+00:00June 1st, 2021|IT Audit and Compliance|0 Comments

Implementing Continuity in Your GRC Program

Every company must deal with governance, risk, and compliance. Often abbreviated as GRC, this business function is responsible for ensuring that major risks are addressed, required compliance initiatives have been [...]

By Kendall Morris|2021-05-24T17:11:30+00:00May 24th, 2021|IT Audit and Compliance|0 Comments

4 Benefits of a GRC Tool

A GRC tool can help an organization manage its governance, risk, and compliance program. But why use a GRC tool instead of managing your GRC program manually? GRC tools can [...]

By Kendall Morris|2022-06-28T15:22:01+00:00May 3rd, 2021|Cyber Risk Management|0 Comments

How to Perform a Risk Assessment (Part 2)

After you perform a risk assessment, what do you do with the results? Find out the answers to that and other common risk assessment questions in part 2 of this series! [...]

By Kendall Morris|2021-04-26T17:06:07+00:00April 26th, 2021|Cyber Risk Management|0 Comments

How to Perform a Risk Assessment (Part 1)

How do you perform a risk assessment, and what do you do with the results? Find out the answers to some common risk assessment questions in Part 1 of our two-part [...]

By Kendall Morris|2021-04-12T19:33:51+00:00April 12th, 2021|Cyber Risk Management|0 Comments

How to Read a SOC 2 System Description

In this blog, we’ll dive into one of the most important parts of a SOC 2 report, the SOC 2 System Description! During your due diligence process, a vendor sends [...]

By Kendall Morris|2021-01-27T21:22:32+00:00January 25th, 2021|SOC Reporting|0 Comments

HITRUST Validated Assessment: 5 Things to Prepare For

Preparing for your HITRUST Validated Assessment is no small task. With a little bit of preparation, you can ensure that the assessment goes smoothly. Below are five things that you [...]

By Kendall Morris|2021-01-11T18:23:25+00:00January 11th, 2021|HITRUST|0 Comments

Designing an Incident Response Program

Incident response is a critical aspect of any security program. A well-designed incident response program can greatly decrease the cost of a security incident or data breach. Additionally, it is [...]

By Kendall Morris|2020-09-09T21:36:27+00:00September 4th, 2020|Cyber Risk Management|0 Comments

ISO 27001 vs SOC 2: Choosing a Compliance Framework

In a previous blog post, we discussed the differences between SOC 2 vs ISO 27001. In this post, we will look at the factors affecting the decision of choosing which [...]

By Kendall Morris|2020-12-08T19:14:41+00:00August 3rd, 2020|ISO 27001 Compliance, SOC Reporting|0 Comments

12 Next