ISSMP Thoughts?

Hi there!

I'm contemplating taking the ISSMP as my next cert and wondered if anyone has any thoughts on how difficult it is compared to a few other tests. Also, any study tips?

To give you some background on myself, I have the CISSP, CISA, CISM, and a few other certs. I read the Sybex CISSP and CISA book, and didn't study for the CISM. I passed the CISSP and CISA with ease and passed the CISM with a little room to spare.

I'm trying to determine if I have decent odds of taking the exam cold or if that's a downright foolish idea.

Thanks for any thoughts. Very little quality information out there on this test - too bad.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

dijital1

I just finished reading through the ISSMP CBK today. It was a good/fun read and fairly light in comparison to the other concentrations. I wouldn't recommend that you take it cold though. A bit of review doesn't hurt.

I already have the ISSEP and ISSAP specialization but there's very little overlap so I'm taking it pretty seriously. It's ultimately up to you, but I'd recommend taking a few weeks to sharpen your knowledge even with your background.

Just my 10 cents...

moyondizvo

You seem to have a strong background in info sec, which I believe is always important but I would not recommend a cold run. I have not yet attempted the ISSMP exam, it is in my plans to just need to knock out a few other certs, but from my understanding it is a difficult exam. However if you have a few hundred dollars to spare and want to have a feel of the exam, a cold run could be what you are after.

Have a read of the posts by @Falasi , @AnthonyF and @Humbe, they might be able to give you an idea of how the exam is. @dijital has some experience with the CISSP concentrations, so might be worth taking his advice

All the best and keep us updated on how you go.

Thistleback

I too want to pursue the ISSMP next. I hope this thread gains momentum. Not much talk out there on this concentration.

dijital1

I'm in the review phase Thistleback. My goal is to take the exam week after next. I'll see how I'm feeling after this week.

moyondizvo

@Thistleback - Have a read of the posts that I have linked above, there is a bit of stuff you might be able to pick up from there. Not as much as other certs like the CISSP, but its something.

@dijital1 - Please do post after you sit the exam and let us know how you felt, tips etc

teeman

Hi rlelewski
I sat for the ISSMP in December and passed it.After that I took the ISSAP and failed it, I rewrote ISSAP and passed it.I wrote the CISM in December 2012 and passed it.Here are my thoughts.ISSMP is a very easy exam, very comparable to CISM, no effort at all I used the ISC official study guides only.We write certificates for different reasons, but what iI can say, is I do not see any value of having both CISM and ISSMP,I realised that ISSMP is less known compared to CISSP, I don't think ISSMP will increase your current knowledge considering the fact that you have the tripple C already(CISSP, CISA, CISM).If you really need to challenge yourself and add more knowledge I would suggest you try the ISSAP exam.I still see employers still demand a degree for most of the jobs.You can perhaps add the CRISC on your resume .With your current knowledge you can pass the ISSMP exam .

AnthonyF

Hey guys,

I have been thinking about the test since moyondivzo asked me for input about it. I remembered a couple of other things that I did to help me prepare for the exam.

This is generally how I prepare for every exam although it is not covered in my other ISSMP post. Not that I remember anyway. Old age and all that. Things come slowly, but they do get there once I stir the pot.

1. I read the book fast just get get through it and get a total understanding, something like a domain a day.
2. Then I read it slow and go through the questions at then end and really analyze what they are asking and try to figure out where I went
wrong/right and the concept(s) behind the question(s).
3. Create notes for every domain. I do not really review the notes but it helps solidify the concepts and a bit of the details in my brain.

Test info:

None of the questions looked like anything in the CBK. The answers kind of stood out. I can honestly say almost every question had an answer that said do you consult policy, senior management or legal? When in doubt choose the most managerial answer that is all I can recommend.

The test was not tricky at all. Just have confidence in your answers. The first choice is usually the correct one.

Thistleback

moyondizvo wrote: »

@Thistleback - Have a read of the posts that I have linked above,

Done - looks like I'll be reviewing the CBK for ISSMP and maybe scheduling the exam before too much of my CISSP knowledge drains out. My advantage is management experience - I wear several hats in my job - InfoSec, DR/BCP, Incident Response, Vendor Management, Change Management, Project Management. So I have the "management mindset" which helped greatly for the CISSP exam. Should hold me in good stead for the ISSMP . . .

@teeman, thanks for your notes as well. This gives me impetus to try and pass the ISSMP fairly soon.

dijital1

Well crunch time has started. I've registered for the ISSMP exam for the end of next week. This gives me just over a week to finish up preparing.

I've already read through the entire CBK once. Making my second pass through it now. It's been a fun exam to prepare for. Hopefully I've done enough to make it through the exam next week.

moyondizvo

Well, all the best Dijital1, looking forward to your post after the exam.

dijital1

Well this morning I completed the specialization hat trick. The ISSMP exam wasn't as tough as the ISSAP or ISSEP. Very scenario based. Glad to have it behind me.

JDMurray

Whoa, congratz! The coffers of the (ISC)2 are overflowing thanks to just you!

dijital1

JDMurray wrote: »

Whoa, congratz! The coffers of the (ISC)2 are overflowing thanks to just you!

I know right? They do get a good chunk of money from me (well my employer rather) to keep them all current. I enjoyed preparing for the exams. Forced me to learn a lot of material that I otherwise might not. At any rate, glad that its done.

moyondizvo

Congrats...

...great work, i had this feeling that you were going to ace it anyway.

To confirm, you just used the Official ISC2 ISSMP resource? Any practice exams? Any additional material? I know that you have a lot of experience in the IS field so that would have played a big part too.

dijital1

That's correct. Just the official ISSMP CBK study guide and the questions at the end of each chapter. Read through the book twice.

moyondizvo

Okay, thanks for the info...been thinking more and more about this exam and might attempt it sooner than I had planned to. Anyhow we will see how my other certs go.

With the changes coming up soon in April, would you have an idea if it's worth purchasing the current CBK study guide or wait for the updated one to be published?

dijital1

The current one will be fine. ISC2 doesn't do huge changes to the exam in huge chunks. If you were going to wait until next year to sit the exam, then perhaps.

More than any particular concept, the exam tests your ability to manage a security environment as it relates to business needs; not on which technical solution is "best".

If you approach your studying and the actual exam from that perspective, you'll be fine.

moyondizvo

Cheers Dijital1, Congrats once again...

dijital1

Thanks man. Really appreciate it.

Humbe

Jesus man congrats !!!

I'm glad you were able to nail it at your first try!

dijital1

Humbe wrote: »

Jesus man congrats !!!

I'm glad you were able to nail it at your first try!

Thanks man. There's still the CAP and SSCP left so who knows? One of those 2 might have my number. I'll probably do the CAP next I'm thinking. One of my goals for this year is to finish up the ISC2 track.

Thistleback

dijital1 wrote: »

More than any particular concept, the exam tests your ability to manage a security environment as it relates to business needs; not on which technical solution is "best". If you approach your studying and the actual exam from that perspective, you'll be fine.

Congrats dijital1! You are an inspiration! I think I'll join moyondizvo in going for it soon too!