CISM

Greetings.

I just signed up for the CISM exam (today's the deadline!), do you all have any thoughts as to what books I should read for the exam?

And do you have any thoughts as to what I should do when I get the certification, or how should I leverage that into either getting a different job or a raise?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

lopezco

I did my CISSP in January 13th, CISA in June and now took CISM last Saturday.

I consider the CISSP as my hardest exam I have taken, the CISA was a bit easier and this one I think was very close to the difficulty of the CISSP.
Some of others who took both found this one harder.

I studied from ISACA's materials (CRM and Questions and Answers Database 2007) which I understand are very important. The format in the practice questions is similar to the exam even some (very few) questions might appear.

I read the CRM in 3 months (I am a very slow reader, also I took it easy) only once, and got questions and answers database 3 weeks before the exam.

I have notice sometimes you can gain confidence which might be dangerous. I prepared extremely well for my CISSP, after that for CISA was a bit hard but not too much, for this exam I had too much confidence and I did not studied that much (very bad).

Regarding to the exam, it was balanced with most of the questions oriented to management but also there were enough technical (patch, virus, IDS, firewalls and so on). I was surprise not finding cryptography related questions and physical security.

I found there were many questions which were asked several times but in different ways.
Must of the questions had two choices very similar (as other tests) where I had to pick one of them.

I am not sure if passed.
I think it was a fair exam, is not something you can get easy and if I pass, my previous preparations (CISSP and CISA) were very helpful.

lopezco

I forgot to add the physic part of the test.
After 100 questions and more of two hours it becomes harder and harder to read and analyze.
The first 15 questions where so hard for me That i left 8 for reviewing, but later the following questions became more familiar.

Fugazi1000

My CISSP was a few years ago so cannot remember how hard (other than the length) it was. Preparation was general reading on the domains listed in the CBK. I have been in the game some 20 years now though.

CISM was more recent. Very much NOT technical and any knowledge gained along CISSP lines will be useful and relevant.

CISA introduced me to some areas I wasn't already experienced in, specifically audit, and the ISACA CISA Review 2006 helped here. The review books don't change that dramatically from year to year. Knowing ITIL, Systems Development Lifecycle, Project Management principles will all help with CISA. Most of it common sense and common terminology.

I agree with the other posters sentiments of NOT copying/cheating and indeed all of these certifications have a charter that absolutely precludes those activities. If you do them, you **** only yourself.

lopezco

Just to Inform you
Today I received the notification I passed The December 2007 CISM exam.
I am very happy for that reason

JDMurray

Hey, congratulations!

What did you think of the exam itself?

lopezco

"Regarding to the exam, it was balanced with most of the questions oriented to management but also there were enough technical (patch, virus, IDS, firewalls and so on). I was surprise not finding cryptography related questions and physical security.

I found there were many questions which were asked several times but in different ways.
Must of the questions had two choices very similar (as other tests) where I had to pick one of them."

It was harder than I was expecting. In this one I had too many questions with doubts.
now that I passed

I think it was a fair exam.

L8Shift

lopezco wrote:

" I found there were many questions which were asked several times but in different ways.
Must of the questions had two choices very similar (as other tests) where I had to pick one of them."

It was harder than I was expecting. In this one I had too many questions with doubts.
now that I passed I think it was a fair exam.

I too see saw many questions asked several times in many different ways...

It created doubt in my mind... I tried to stick with my 'original' answer as I went along..

I felt it was harder than I expected.... I left feeling unsure.....

I got my grade via email.....

I passed as welll!

Congrats to all those that passed....

jbayne3

I took the CISA exam this past December...and I'm anxiously waiting for the results...I see that you got your CISM results already...congratulations! Hopefully it will be here soon....already waited 2 months! lol

JDMurray

Here's some interesting stats from the latest ISACA registration notice:

For 30 years, the Certified Information Systems Auditor™ (CISA®) credential has been preferred by individuals and organizations around the world. More than 55,000 audit, control and security professionals have achieved this globally accepted standard since 1978. Independent surveys by Foote Partners and Certification Magazine name CISA one of the highest-paying tech certifications.

In 2002, ISACA introduced CISM® (Certified Information Security Manager®), a groundbreaking credential specifically designed for information security professionals who have information security management responsibilities. ISACA has certified more than 7,000 CISMs to date.

For more information about CISA or CISM, please visit the ISACA web site at www.isaca.org/certification.

It looks like the CISM is still a fairly exclusive club.

fasteagle

So, are the CRM and the Practice Question Database the only real study guides for this exam then? The books I saw on Amazon for CISM were either dated or had some pretty poor reviews. Any additional info is appreciated!

JDMurray

I have the Wiley CISM book, and it's is a good start, but I wouldn't use it as the only source of study material for the exam.

HHHTheGame

I would use the stuff from ISACA. I passed the CISM back in June of 2007 and I used the brown Peltier book and the SRM publications.... WAY too much information. I got hold of some of the ISACA stuff from a friend three days before the exam. The ISACA stuff was pretty much dead on exactly like the exam. Sure, they re-worded some questions, but if you know the material, that doesn't matter. As an analogy, the Peltier and SRM books take a look at things at the 10' level. The ISACA stuff and the exam itself take a look at things at the 100' level.

lopezco

HHHTheGame wrote:

As an analogy, the Peltier and SRM books take a look at things at the 10' level. The ISACA stuff and the exam itself take a look at things at the 100' level.

I did not have that feeling. The CISM review manual is close to 300 pages and they do not go too deep.

I only used ISACA materials for my preparation. It might be risky sitting the exam without their resources.

L8Shift

I, too, only used the ISACA materials for studying for the CISM.

I was fortunate enough to receive ISACA CISM classroom training in DC.

I sent in my application for Certification a few weeks ago and just received my approval email!!

Now I will need to document my CPEs credits.

GoodBishop

In other news, I successfully passed the CISM exam back in December 2007. Woo hoo.

I have to say that having the CISSP and CISA helped me out quite a bit. There is a lot of crossover material there.

GoodBishop

Complete Guide to CISM Certification
Sold by: Amazon.com, LLC

This was the book I used to pass it. Between this, and the books for the CISA and CISSP, I was able to pass without any issues.

JDMurray

Complete Guide to CISM Certification by Thomas R. Peltier & Justin Peltier

Thanks for the good information.

Khaled.Mohamed

Dear All,

It would be appreciated, if anyone could help to find an official soft copy for the new "CISM Review Manual 2012". I need to study the guide on my ipad2, so I can read it anywhere.

Thanks..

shahrukh9

Guidence Needed

I've done CISA in Dec 2011 attempt. basically I'm from auditing background.

should I go for CISM? should an entry level student attempt it?

lastly I've heard that on passing CISA, one gets complementary membership. my friend got it on passing June 2011 exam.

will they offer me complementary membership? i want to save on exam fee and Q & A

colemic

I can assure you, they do NOT give out complementary memberships.

shahrukh9 wrote: »

Guidence Needed

I've done CISA in Dec 2011 attempt. basically I'm from auditing background.

should I go for CISM? should an entry level student attempt it?

lastly I've heard that on passing CISA, one gets complementary membership. my friend got it on passing June 2011 exam.

will they offer me complementary membership? i want to save on exam fee and Q & A

JDMurray

ISACA does have a student-level membership, which is probably at a discount over the regular membership.

Information Systems - Information Technology - Membership | ISACA

shahrukh9

I think it is being offered in select countries where ISACA is trying penetrate.

Extracts from the Email an exam passer receives.

On behalf of the Board of Directors and the entire membership of ISACA, congratulations on successfully passing the 2011 June CISA Exam. In recognition of your accomplishment, the Board is pleased to extend to you a complimentary ISACA association membership for the remainder of 2011. You will soon also receive a confirmation letter by postal mail. We welcome you to our global network of more than 95,000 IT professionals sharing mutual professional goals, interests and commitments. As an ISACA member, you are entitled to exclusive benefits.
Most importantly, your ISACA membership connects you with a network of IT professionals. Your local chapter will be notified of your new member status and is ready to welcome you as a new exam-passer.

Once again, we applaud your recent achievement. ISACA membership is a valuable complement to your ISACA career goals. We hope you find the above tips helpful and look forward to your involvement with ISACA in the years ahead. We are confident you will find that membership in ISACA will meet your professional needs now and in the future.
Sincerely,

colemic

Wow. I stand corrected then. I didn't get that email, but I was already a member when I passed my CISA exam.