Passed the CISM Exam - 2016
In December 2016, I passed my CISM exam with a score of 500+ marks. For me CISM has been the cursed exam for several reasons. This was technically my second attempt. CISM has been the cursed exam because in June 2015 I registered for it the first time; the city I picked was my work city, but due to visa issues I had to go back to my home country for renewal, which took time, so I couldn't appear for it. Then in Dec 2015 I registered again but couldn't prepare due to workload: I spent 2 days straight in the office, went to the exam without preparation or enough sleep, and from the exam center went to the office again. As one could expect, the result was horrible and I ended up at 310 marks.
Coming to the June 2016 attempt, my first serious attempt. I studied for it with full dedication, studied review manual Ed 14, solved questions and appeared in the exam. The result came and, much to my desperation, I failed by 15 marks. Analyzing my exam result, I noticed that I performed exceptionally well in modules 1 and 2, governance and risk, in which I scored 500+ marks, but in the incident management and info sec program development modules I scored badly. Reason: I skimmed through these chapters rather than studying them with understanding, because my job role is technical and I thought these chapters wouldn't be an issue. I then learnt the lesson the hard way that CISM asks for ideal answers, not the ones we mostly practice, where we bypass certain things and use workarounds. I thought of giving up on CISM after this attempt, as I was disgusted with myself for making that mistake, but I didn't give up and I registered again.
This time I didn't go for anything new. I studied the same book, but this time I studied the last 2 chapters with understanding and solved around 800-1000 questions from actual tests and other practice sites. Compared to the last attempt I had less time to prepare, as within that month I passed CEH first, went to training for PCIP, prepared for the exam and passed it. So I did all the preparation in hardly 2 weeks, but my previous understanding of some concepts did help me in doing it quickly. When the result came I was jubilant to know that the curse had been lifted and my perseverance had paid off.
People who have done CISSP first and then tried for CISM score more, as I experienced in my circle, for the reason that they have studied these concepts in detail, especially risk and the technical stuff of modules 3 and 4. So if you are planning to do both, go for CISSP first and then CISM, which becomes a piece of cake after passing CISSP. CISM overall may sound easy with only 4 modules, but in my experience the depth in which it goes in all 4 modules takes time and understanding. In the review manual, modules 1 and 2 are well written and well taught, but the last 2 modules are theoretical in the book while the exam asks you technical details, which makes it difficult to prepare at times. I loved CISM mostly because it is quite practical: when I used to study, I used to make points out of the manual to apply those things in my work environment, and I have done that.
From a study point of view, I covered the following:
1) Review manual: studied thoroughly. Don't skip the topics you think you know, as I did in my first attempt. How many times you need to study doesn't matter if you do it right once.
2) Solved questions, and there is no limit to it. Try to solve as many questions for practice as possible. Try those which have explanations given at the end too, so that you can know the thought process behind the question. It helps a lot in the exam to think from the CISM perspective. I used ISACA practice questions and actual tests practice questions.
Exam experience:
1) Read the questions twice before seeing the options to understand the points, and underline the key words, i.e. MOST, LEAST etc. This increases the probability in case you are confused between two options.
2) The CISM exam is tricky; you have to be careful when it comes to technical questions, i.e. there were many questions on different controls where 2 or 3 are usually correct, but you have to answer either detective control or preventive control as asked in the question, and that you might not be able to do unless you read the question carefully and underline the word.
3) Manage time. 4 hours are mostly enough for the exam if you consume them efficiently. In the spare time at the end, go through the questions you marked in which you weren't fully sure.