IAPP CIPM Mini-Review
636-555-3226
This is a mini-review of the International Association of Privacy Professionals' (IAPP) Certified Information Privacy Manager (CIPM) exam. Keep in mind a new version of the exam is in beta as I write this, so the test I took today and the materials that go along with it are probably going to be different a month after I write this. There's your grain of salt.
My background - 15+ years of infosec (and other job descriptions), mostly acting as a CISO without the $$ or title. Lots of GRC. The C in this case stands for privaCy since the only reasons companies protect your personal data is because laws or contracts require them to and those laws & contracts need to be Complied with. It's important I point this out because I am already very well versed in the material and when I say something is easy below keep in mind it's easy to me - it may not be easy for you if you're new to this area.
Why I took the test - I've been tinkering with taking either the CISSP-ISSMP or this CIPM. ISSMP didn't really hold much ROI for me - no job benefits either here or elsewhere and probably not a lot of knowledge gained during studies since I'm already well versed in the material. CIPM is asked for a bit more on job boards (barely...) and had the potential of teaching me more in my studies. Also I'm convinced privacy is the next big wave running along infosec, and IAPP's exams are the only name in the business, so this could be a good strategic move looking 3-5 years down the line.
Who is this test for - People who want to learn how to create & manage a privacy program at a very high level. Looking through the directory of certified people, it's mostly privacy attorneys, privacy consultants, and infosec managers.
What did I use to study for it - Official live training, official course book, official training guide, official practice exam (~25 questions). Live training was eh, mostly the instructor reading verbatim off of the instructor's notes to the training guide. Official coursebook was short & to the point but could have been organized a bit better with some unification of concepts scattered throughout. Official training guide was basically a 100+ page set of bulletpoints summing up the official coursebook with extra material thrown in for some reason. Practice exam was a good test of the book and relatively representative of the actual exam.
How was the exam - Fairly easy. If you're used to ISC2 or ISACA exams then this won't give you much of a cranium challenge. Closest approximation is a closed-book non-technical SANS exam. I have a feeling as if the exam writers flipped to random pages in the book or training guide and took questions verbatim from the text (yes, you need to study both the official book as well as the training guide). It's closed book, so you'll need to remember the exact word or phrase in the book. It's not as tough as it sounds, most of the distractors are obvious. Out of A, B, C, D you could easily & instantly cross C & D off and B usually was not as "right" as A. 90 questions, I finished in maybe 80 minutes with an 85% score. Didn't mark any questions for further review and I didn't have the feeling going through the exam that I needed to fix any wrong answers to pass.
Would I recommend this to others - As a strategic move, definitely; I already mentioned I think privacy is in its infancy and is going to be big in the coming years. As a learning exam, yes, if you aren't already familiar with the material. If you've been running an infosec or GRC shop for a few years you won't be challenged. Everything here is essentially infosec GRC with the word "privacy" switched in wherever you'd expect "information security." In other words, if you're already architecting/running an infosec shop, you'll be qualified to run a privacy shop, too.
What did I take away from this exam - Mostly reinforcement of existing concepts. New- to mid-experienced people will probably get more out of learning the material.
Comments
the_Grinch: Thanks for the review! Thinking of taking the CIPP and CIPT within the next year or so. Have to agree that infosec and privacy (together) are going to be the big wave to ride in the future.
WIP: PHP, Kotlin, Intro to Discrete Math, Programming Languages, Work stuff
cyberguypr (Mod): "acting as a CISO without the $$ or title" = priceless
How much did you/employer end up spending on this endeavor?
636-555-3226: Training ran about $3k.
Time invested was probably a tad less than 15 study hours, not including 15 hours of live training over three days (live training also included CIPP subject matter). Those 15 study hours included ~8 hours building my outline (which I do for every exam as part of the study process) and probably 5-7 hours of reading that outline over and over again. I also plan on taking the CIPP/US in a few weeks and am following the same program. Assuming a pass (knock on my wood desk), I will apply for the new fellow thingy program they have.
Dayodan: Hello everyone, I am a new entry in the forum. My name is David and I have started to enter the amazing field of data privacy & security. I would like to ask someone (in particular 636-555-3226) for some advice on the IAPP exams: because of my previous degree in I decided to do the CIPP-E beta exam first. Now, although I have to wait 3 weeks for the result, I think I haven't passed: besides the timing, the number of questions (100) and some language problems, my biggest problem has been the absence of any book/program of exam simulation where to practice (with the exception of the IAPP sample), especially for the non-scored multiple choice items that take time.
At this point, I have to wait until I can do it again, and I would like to ask whether anyone has any advice on where I could find practical exercises or any other advice for training.
In February I intend to do the CIPM exam and, also in this case, I have bought the IAPP book, the sample questions and 'Determann's Field Guide to Privacy Law' as a complementary resource. Does anyone have any good summary or exam simulation, besides a few kind words of advice?
Thank you all very much and I'm glad to have found such a community of professionals!!