What CISM Material?

Spinal33 Member Posts: 7 ■□□□□□□□□□
A question which I'm sure has been answered many times over... but was hoping for a 2013 answer.

What material would you recommend to self study for the June 2013 CISM?

Official books, unofficial books, CBT, audio notes, etc... I'll consider anything :)



  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    If you meet the work experience for CISM, I think the only thing you need is the ISACA review manual and Q&A guide. That's all I used and it was fine for me. The review manual is very dry so it can double as a good sleep aid.
  • Spinal33 Member Posts: 7 ■□□□□□□□□□
    paul78 wrote: »
    If you meet the work experience for CISM, I think the only thing you need is the ISACA review manual and Q&A guide. That's all I used and it was fine for me. The review manual is very dry so it can double as a good sleep aid.

    Experience shouldn't be a problem; it's more the material that worries me.

    I've read a bit of an old CISM manual from a colleague, and it somehow manages to be even more dull than the Shon Harris CISSP stuff... What I was hoping for was an equivalent of the CISSP 11th hour guide (which is what I ended up using to prepare for the CISSP exam).

  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    Unfortunately, I don't know of any other review resources. I did do a little research in the past for materials on ISACA and never did find anything of value. One other option you may want to consider is to check with your local ISACA chapter. I believe that some offer member-led study and review groups.

    I like to tell colleagues that wish to study for ISACA exams that the review guide is the safe and risk-free alternative to sleep aids.
  • numberfive Member Posts: 26 ■□□□□□□□□□
    CRM + questions DB = profit
  • ciphercodes Member Posts: 21 ■■■□□□□□□□
    CISM manual is the best source for understanding CISM in a way ISACA wants/thinks a security manager is.
    Question DB will help you prepare to answer the ISACA style questions in ISACA way.
  • Lili37 Member Posts: 13 ■■■□□□□□□□
    Would the CISM be considered more difficult than the CISA? I failed the CISA a couple of times and I'm thinking of another alternative. Job is requiring a security certification.
  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    Hello Lili37 and welcome to TE. I saw your other posting that you did not fare well in the CISA. Could you offer a few more details about your job's certification requirements? And perhaps a bit about your experience and background? It would be a lot easier to offer some opinions on a course of action with a bit more info.

    I have not taken the CISA but I have taken other ISACA exams. My concept of relative "ease" of the material may be vastly different than yours so I wouldn't want to offer an opinion simply based on my own background. I have over 2 decades of experience in IT so for me, the material is very straightforward and mostly review.

    Perhaps there are other options which are not ISACA related which may be more appropriate, i.e. Sec+, various GIAC certs, ISC2 certs.
  • spiderjericho Registered Users, Member Posts: 877 ■■■■■□□□□□
    I'd like to take this exam in September. I know about the review manual and database questions.

    My question is, do you think it's worth it to become an ISACA member? I saw in a thread where it seemed like it was more expensive to be a member versus paying annual maintenance fees like the CISSP.
  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    Yes, I remember the thread about being an ISACA member. I think I may have commented on it as well.

    I think that membership does largely depend on your own individual likelihood to use the benefits. I understand that some local chapters are quite active and offer lots of networking opportunities. Additionally ISACA does offer some discounted educational materials if you like their materials.

    I personally do it because I believe in their charter and the contribution that they provide to industry such as COBIT but I don't get much more out of being a member other than occasional download of educational materials and reading the magazine.
  • abel_cruz Registered Users Posts: 1 ■□□□□□□□□□
    Hello all,

    I have a question regarding work experience. I do not have 5 years of IS experience, but I have been in the position of CSO for 2 years already, and before that I was an IT Project Manager for 5 years, and before that an IT manager for 1 year and an IT specialist for 5 years.

    Would it be enough? How can I guarantee it?
  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    abel_cruz wrote: »
    Would it be enough? How can I guarantee it?
    Based on your description, by the requirements specified by ISACA, you would not qualify. There is a 3 year minimum of information security management work experience which cannot be substituted (except if you taught information security at a university for at least 2 years which can substitute as 1 year of information security experience). More info here - How to Become CISM Certified

    You can still take the exam, and you can always submit your certification application after you have the required experience.

    If you live in the US, your best bet is to contact ISACA directly.

    Good luck on the exam and welcome to TE.
  • CISPhD Member Posts: 114
    numberfive wrote: »
    CRM + questions DB = profit

    numberfive hit the nail on the head. I tried to read the CRM, but got about 3/4 of the way through before I absolved to eating the manual in hopes of osmosis being more productive than what my brain was previously acquiring from the manual. The real help came from the electronic test engine they sell. It is a tutor style engine with adaptive learning, and really worth the price (And with ISACA... it is PRICEY).

    The other thing that really helped was the attendance in my local ISACA chapter's review course. If you live in or around a major city, chances are you have a local ISACA chapter. The review course was free, and was every Saturday for the 5 Saturdays before the exam date. It was for 4 or 5 hours each day. Excellent presentations that really summed up the material nicely. Following a 30 - 40 minute presentation we loaded up... you guessed it... the test engine I previously mentioned. We would work through the questions one at a time, covering a single domain each week and finishing with an all-in-one practice test in the 5th week. The true value add was the debate from the rest of the class on why each answer was right or wrong... It really helped to make sure everyone stayed in the "ISACA mindset".

    PM me with your personal email address and I'll send you the materials I have for the CISM. :)
  • paul78 Member Posts: 3,016 ■■■■■■■■■■
    raymasky wrote: »
    Could you please email / Dropbox me the study material and question banks too?
    Did you mean to say "study notes" and you weren't suggesting that CISPhD violate his ISACA code of conduct through copyright infringement? The question db is not available for redistribution.