CISM Prep Material

Hi,

Having passed the CISSP, thought CISM would be a good next step.

I was trying to find a sticky note about prep material for CISM on this forum, but could not find one.

Is someone able to guide me on what materials are recommended?

For example, there is the ISACA official guide and QAE book on Amazon - but both books are from 2016...that's 4 years old now - is there an upgrade?

(h**ps://www.amazon.com/CISM-Review-Manual-15th-Isaca/dp/1604205083/ref=sr_1_4?keywords=CISM&qid=1585126921&sr=8-4)

(h**ps://www.amazon.com/CISM-Review-Questions-Answers-Explanations/dp/1604205059/ref=sr_1_2?keywords=CISM&qid=1585126921&sr=8-2)

There is also the All-in-One book bundle, which is half the price, and more recent (2019).

(h**ps://www.amazon.com/Certified-Information-Security-Manager-Bundle/dp/1260459004/ref=sr_1_1?keywords=CISM&qid=1585126921&sr=8-1)

What about some other sample exams? Boson?

Is there an 11th Hour book?

CISM Pocket Prep any good?

What about the Essential CISM Quiz book? (h**ps://www.amazon.com/Essential-CISM-Exam-Quiz-Updated/dp/B07CY9TKGB/ref=sr_1_11?keywords=CISM&qid=1585126921&sr=8-11)

Any advice would be highly appreciated.

Many thx

Tom

Find more posts tagged with

Comments

E Double U

Most people (myself included) just used the official material from ISACA. I passed in 2017 using only the review manual and QAE database.

scasc

Agreed - I only used the Q&A material. Most people I know have used just this or the official review book too in order to grasp the material better (if required).

tomres

much obliged, thank you

bigdogz

The Official guide and the Q&A book are all you need to pass the exam.

Info_Sec_Wannabe

What they said.

Also, any reason or tackling CISM (gven that you already have CISSP)?

tomres

Info_Sec_Wannabe said:

What they said.

Also, any reason or tackling CISM (gven that you already have CISSP)?

good question.

my thinking was - it would be a good idea to have a 'management' type exam behind the belt in order to be considered for any CISO type roles?

having a good balance between technology and business would give one a better chance?

of course there is now the 'security MBA' which might be a better one to focus on...

what have you heard?

DZA_

tomres said:

Info_Sec_Wannabe said:

What they said.

Also, any reason or tackling CISM (gven that you already have CISSP)?

good question.

my thinking was - it would be a good idea to have a 'management' type exam behind the belt in order to be considered for any CISO type roles?
having a good balance between technology and business would give one a better chance?

of course there is now the 'security MBA' which might be a better one to focus on...

what have you heard?

Hi Tomres,

There are actually a couple factors involved that generally allow an individual to be considered for a CISO role (depending on size of org):

- Whether you have a post-graduate degree in an MBA or masters in cybersecurity (executive roles tend to favour people with higher education)
- Having a security management certificate under your belt would be beneficial to solidify your working knowledge and experience
- Having a good sense to translate business to technical language, vice versa
- Understanding how to manage large teams and multiple teams geographically and so on
- Being influential in your organization.

tomres

Hi,

to comment on those:

- Whether you have a post-graduate degree in an MBA or masters in cybersecurity (executive roles tend to favour people with higher education)

yes, I am also planning to do an MBA (security slant now available) or a Masters in Cyber Sec.

- Having a security management certificate under your belt would be beneficial to solidify your working knowledge and experience

isnt this where the CISM is a good fit? Unless you can recommend analternative?

- Having a good sense to translate business to technical language, vice versa

luckily I have been in a role for years that allows me to do this, and gain experience

- Understanding how to manage large teams and multiple teams geographically and so on

have had small teams in the past, will have to look at opportunities for growth

- Being influential in your organization.

yep, agreed.

Hence I thought I'd knock out CISM, since my CISSP knowledge is still fresh. Straight afterwards, move to MBA or Masters CyberSec.

JDMurray

There are very few choices for InfoSec management certifications: CISSP-ISSMP, CISM, GSTRT, and CCISO.

The ISSMP is the logical follow-up after getting the CISSP, CISM has the most industry recognition, GIAC has only the one management cert at the moment (for SANS MGT514), and the EC-Council cert is approved by the US DoD--as are the CISM and CISSP-ISSMP--but I haven't heard much else that's good about it.

scasc

SANS also have GSLC - though from what I have read I believe this may be more for the entry level info-sec officer. You may find that if you ever do CISSP-ISSMP, the best prep for this is in actual fact the CISM Q&A. Have had this confirmed from a number of people, though its a very unpopular cert (a hit on linkedin did not exactly set the world alight). However, appreciate different reasons to do a cert and not necessarily based on the hits you get.

JDMurray

The GSLC might be the cert for a SANS management course but it's hardly a real management cert compared to the others.