Shall I immediately target a CISM certification?

SDee Member Posts: 82
I am a CISSP, CCSP, CEH, CCNP, Triple CCNA and ITIL Certified with over 7 years of broad and variant experience, currently an Information Security manager.

Passed CCSP on 7 Jan, which seems to cover a lot of the topics and domains of the CISM; the same goes for CISSP, which I passed around Oct. 2017.
I just finished doing the CISM Self Assessment on ISACA.ORG and the results were:

Your score is 76%. (38/50)
1: Information Security Governance 91%
2: Information Risk Management and Compliance 75%
3: Information Security Program Development and Management 69%
4: Information Security Incident Management 66%

Do you think it would be realistic to target passing the exam within a 21-day period? As their concepts are similar to a lot of CISSP/CCSP concepts, I want to take advantage of still having fresh information and go for it as soon as possible.

I am yet to do any research about the material, the idea just popped into my mind. 
This would be my first ISACA exam, any 'de facto' books for CISM? 


  • DZA_ Member Posts: 467
    Based on your experience and recent passes of CISSP and CCSP, it would complement ISACA's mentality with your current certifications. Whether it would be of any value to your job is for you to decide, as there is a lot of overlap with CISSP. If and when you plan on taking it, I'd recommend the Questions and Answers Database for review. With a consistent study schedule I believe you can clear it in 21 days.

  • SDee Member Posts: 82
    Thanks a lot, yes, a Q&A practice questions database would absolutely be part of my study prep. Anyway, do you recommend any single book for studying? Honestly I'd prefer to have a single source after jumping from one book to another while preparing for CCSP.

  • JDMurray Admin Posts: 12,878 Admin
    I can see the ISACA's CISA and CRISC also covering much of the CISM material, but the (ISC)2's CCSP Cloud cert does as well?
  • SDee Member Posts: 82
    Yes, at least from what I've seen in the Assessment Exam, CCSP might be slightly different from what its 'Cloud' name implies; common areas include Risk Management, Access Management, Business Continuity, etc., in addition to a similar mentality of not rushing into actions, reporting as much as you can, getting the support, evaluating based on risk, etc.
  • JDMurray Admin Posts: 12,878 Admin
    On ISACA exams you must demonstrate that you are able to think and reason "The ISACA Way." I doubt that the (ISC)2 literature is worded in ISACA's think-speak. I won't be looking at the CISM until next year, so I am just speculating.
  • SDee Member Posts: 82
    It is the same with CISSP, thinking in an ISC way and I find both to be really close.

    I am referring to the items mentioned in my previous post; not rushing into actions, report as much as you can, get the management support, evaluate based on risk, support and decide based on business taking risk into consideration, answer each question as a manager not a technical person, and other similar mindsets. 

    I find them to be somehow similar, just shuffled through some questions in a mobile App and doing well. 
  • DZA_ Member Posts: 467
    When I passed the CISM exam back last year, I used the official manual and the QAE DB. I would like to mention that Kelly Handerhan's Cybrary video also has a playlist for CISM. I don't believe you will need more than this.
  • SDee Member Posts: 82
    Had some delays, and will be targeting the beginning of May to sit for the exam.

    Just purchased the Q&A book, but a bit confused. What is the point of getting the 9th edition for double the price of the 8th as long as the questions are not actually exam questions?
  • abumub Registered Users Posts: 5
    Don't be confused. This book will be enough, along with the Review Manual.
  • SDee Member Posts: 82
    Been preparing for CISM by going through the CISM Review Questions 9th edition.
    Feeling good, but I am honestly disappointed by the shallowness of the questions when it comes to the technical aspects. Like, seriously, since CISM is not a technical certificate, don't ask technical questions in it, and if you do, make sure to be convincing! How on earth would "Employing packet filtering to drop suspect packets" be the best mitigation for DoS attacks? I can see where the one who asked the question is coming from, but it is very far from being a decent question! I can justify the rest of the answers as being way better than the mentioned answer.
  • SDee Member Posts: 82
    Passed the exam and received the official score; I scored a 629.

    It is achievable for anyone that actually meets their experience requirement; you just need to think in a specific way, which is often referred to as the ISACA way, but it is more of a risk-and-business-oriented way, which makes sense in most situations.