The professional association ISACA offers the CISM (Certified Information Security Manager) qualification.
Based on my own experience, the aim of this post is to give potential exam candidates information on how to pass the exam.
The following are some of the most commonly asked questions about the exam:
How much time do I need to study for the exam?
The answer varies from person to person: how many hours a week you can devote to studying, how much you already know about the subject, and so on.
What is the recommended exam preparation material?
The official study materials for the exam are:
1. CISM Review Manual (printed or eBook)
2. CISM Review Questions, Answers & Explanations (QA&E) Manual (printed or eBook)
3. CISM Questions, Answers & Explanations Database (online subscription)
4. Official training
They can all be purchased, subscribed to, or enrolled in on the ISACA website.
You will most likely not need to spend money on all of them to pass the exam. In my case, I used only the first two:
• CISM Review Manual
• CISM Review QA&E Manual
Make sure you have the most recent edition of the material, as a new edition is released at most every 5 years.
There are also unofficial materials and courses, but I am not familiar with any of the unofficial CISM resources.
I was surprised that many CISM exam questions were very technical and not covered in the CISM Review Manual (especially those from domain 3, “Information Security Program Development and Management”). Nonetheless, they were mostly covered in the CISA Review Manual (for example, CISM domain 3 questions were very similar to CISA chapters 3 and 4, “IS Operations, Maintenance, and Service Management” and “Asset Protection”).
As a result, I highly advise passing (or at least preparing for) CISA certification before pursuing CISM certification.
Alternative preparation materials (which I have not tried):
• McGraw Hill’s CISM All-in-One (AIO) book
• Mike Chapple’s CISM videos on LinkedIn
• Thor’s CISM videos
• Kelly’s CISM videos on Cybrary
• CISM videos on YouTube
• CISM flashcards
What should I do to study for the exam?
Exam preparation should be tailored to the candidate’s prior experience and skills. I will describe what worked for me, so you can adapt these steps to fit your needs.
1. Go over the Review Manual:
The text can be very dense at times. I highlighted terms, main ideas, themes, and bullet point titles to make it easier to review later.
I tried to keep reading at a steady pace to avoid getting stuck on any one page. If I thought a section needed further attention, I made a note of it and came back to it later.
It took me a month to finish.
2. Answer all of the questions in the “Review QA&E Manual.”
Before checking the options, try to guess the answer: it is easier to remember an answer when there is an emotional component (satisfaction at having chosen the correct answer, frustration at having answered incorrectly).
If you have the paper edition, cover the solutions with a sheet of paper while reading the questions.
I found it very helpful to put a mark next to a question if I got it wrong or if I realised it was a difficult question worth revisiting. This lets you concentrate on those questions when going over them again.
If I wanted to verify an answer in the “Review Manual,” I found it helpful to jot down the page where it was explained next to the question in the “QA&E Manual.”
It took me 15 days to read, answer, and check all of the questions.
3. Go over the “Review Manual” topics again.
At this stage, I knew which points needed further attention, so I was able to return to those topics.
Some exam candidates suggest re-reading the whole “Review Manual” at this stage. If you believe you need to, or if you have plenty of time, go ahead and do it. I didn’t, because I was pressed for time.
It took me 15 days to complete this step and the two that follow.
4. Simulate the whole exam.
At the end of the “Review QA&E” manual there is a complete sample exam. If you use the online database, it most likely offers an exam simulation option.
Try to imitate the test conditions as closely as possible: turn off your computer, do not interrupt the exam until it is done, do not get up, do not go to the bathroom, do not eat or drink, and do not look up answers or study material.
By doing so, you get a better understanding of how ready you are for the actual test.
Examine the results. Calculate the percentage of wrong answers for each job practice domain to determine which chapters need to be reinforced.
Go through the wrong answers again.
5. Go through the questions you got wrong.
Review the failed questions in the “QA&E Manual.”
If you have no time constraints, you may want to run through all of the questions again.
Register for the exam only when you feel ready to take it.