CISM In June 2014
Hey all,
Figured I would make a thread because I know myself and some others I believe plan to take the CISM in June. What study materials does everyone plan to use and when do you guys plan to ramp up your study efforts? From what I gathered it seems to be recommended to stick with the ISACA CISM Review Manual 2014, and the Q&A Database.
Any input from those planning to test as well as tips from those who have recently passed would be greatly appreciated! I am hoping some of the information I learned during the CISSP back in November will come in handy here too.
Figured I would make a thread because I know myself and some others I believe plan to take the CISM in June. What study materials does everyone plan to use and when do you guys plan to ramp up your study efforts? From what I gathered it seems to be recommended to stick with the ISACA CISM Review Manual 2014, and the Q&A Database.
Any input from those planning to test as well as tips from those who have recently passed would be greatly appreciated! I am hoping some of the information I learned during the CISSP back in November will come in handy here too.
Comments
-
zxbane Member Posts: 740 ■■■■□□□□□□Tons of views but no responses, I assume no one on here is going for the CISM in June?
-
zxbane Member Posts: 740 ■■■■□□□□□□Still no responses - I know at least 1-2 other people on the forum plan on testing in June.
Anyways, I recently joined ISACA for the membership discounts and I just purchased the 2014 Review Manual and 2014 Q&A Database. Anyone who is planning to test in June, or even later this year as well as anyone who passed recently feel free to weigh in. I would love some feedback or even to possibly form a study group.
I passed my CISSP in November and I am working as an Assistant Info Assurance Manager. Looking to add the CISM to my resume and also gain the knowledge learned throughout the process. -
Experienced_and_Tested Member Posts: 30 ■■□□□□□□□□ZX, did you receive the private response that I posted to your question a little while back or did they go to neverland?
-
JoJoCal19 Mod Posts: 2,835 ModJune CISM here!!! I just passed ITIL-Foundation and now I'm moving on to CEH, with hopes of knocking it out in a month. Then on to CISM.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
zxbane Member Posts: 740 ■■■■□□□□□□Experienced&Tested, got your PM and sent one back!
And JoJo I am sure you will knock out CEH in short time and then be able to focus on CISM until June! -
wikiget Member Posts: 75 ■■□□□□□□□□@zxbane The CRM and the database is what got me through it.
I made mp3s of the CRM (2013) using some text to audio software I have. It helped me focus as the CRM is very dry."Once upon a time, disks were floppy, administrators were electricians and computers were louder then jets. Then it all got complicated." -Anon
Life of a Network Security Manager: http://imgur.com/kKvmgjj -
lazyentrepeneur Registered Users Posts: 1 ■□□□□□□□□□zxbane,
I passed the CISM this past December. I did the following three things, and I felt that it worked out extremely well:
1) Read the 2014 CISM Review Manual. It is boring and dry, but it covers the basics. Do not read it while lying on a bed or other comfortable surface.
2) Purchase and use the Q&A CD as if your life depended on it. For about three months before the exam I would go and do about an hour of questions a night most nights. Begin focusing on the areas you have already read the review manual for, and expand your question base over time. When going thru the questions, do more than just find the right answer; explain to yourself out loud each time why the other answers are incorrect.
3) Take an ISACA review course if your local chapter offers them. My local chapter offered a 6-evening review course for only $100, and it was amazing. There were only two students in the review session, and it allowed for a large amount of interaction between the students and the experts. By this time you should be well versed in the material, and able to have good discussions regarding the material and review questions.
You have your CISSP, so hopefully much of the material should not come as a complete shock; I considered it a more in-depth look into the IS Governance and Risk Mgmt CBK domains.
Feel free to let me know if you have any questions! Happy studying! -
zxbane Member Posts: 740 ■■■■□□□□□□lazy,
Thanks for the input. I just received my 2014 CISM Review Manual and Q&A Database books yesterday and started diving into chapter 1 today. I will take your advice, read a chapter in RM then go over to the Q&A and do the relevant questions until eventually my study scope encompasses all of the book!
I would be interested in taking a review course prior to testing but unfortunately the only one I see for 2014 is in NJ, and I live in MD. (As far as local chapter review courses, not bootcamps etc) -
zxbane Member Posts: 740 ■■■■□□□□□□Almost through the first domain about governance. I've been bouncing back and forth between reading the chapter in RM and then doing some questions in the Q&A DB. I think with this approach and doing it for a hour or more each day between now and June I should have a solid grasp of what will be expected of me on the exam.
Anyone else currently studying for the CISM feel free to weigh in, although I know this thread hasn't gotten much input so far. It seems like most are going for the CISA in June, I plan to try to tackle that in September myself hopefully after passing CISM in June. -
chrisjersey Registered Users Posts: 1 ■□□□□□□□□□Hi lazy, I am relatively new to CISM certification. would you mind sharing how long did it take for you to prep for the CISM please ? I have background in Technology Risk as well as ITIL. Have spent around 12 years in IT various roles. With my background, wondering if I have enough time to target June 2014 for certification. Thanks !
-
zxbane Member Posts: 740 ■■■■□□□□□□Have read through the first 3 domains in the 2014 Review Manual and also did the first 3 domains in the Q&A in tandem while reading each respective domain in the RM.
I've been using the paperback Q&A but I just purchased the 2014 Q&A CD-ROM to optimize my studies. I found with the paper book I had to keep covering each answer as I moved along so I wouldn't see the answer before choosing my own answer. I also didn't like how all domains are separated so you aren't getting a good mix of questions. With the CD-ROM I will be able to mix domain concentration areas together, focus on questions I got wrong previously, etc.
Feeling pretty confident with the material so far and comfortable that I should do well come June with the study methods I am using. I know this area of the forum doesn't get much love, but anyone else taking the CISM in June, or who has taken it in the past of course feel free to chime in! -
zxbane Member Posts: 740 ■■■■□□□□□□Finished up the full 2014 CISM Review Manual and the Q&A Paperback. I ended up purchasing the CD-ROM as mentioned above, to optimize my study efforts. I will be going over the Q&A roughly 50-100Q's a day for the next month and a half or so and then will re-read the Review Manual one more time as June approaches.
Feeling comfortable with the material for the most part and scoring well on 50Q practice exams averaging 80 %+/-. I plan to do at least a few 200Q full practice runs prior to testing.
Hopefully by June some others join this thread or at least benefits from anything posted in it. -
moyondizvo Member Posts: 155ZXBANE, LET'S DO THIS ... ... I have been putting off the CISM exam for about a year now, I registered for December 2013 but had to reschedule because of work commitments. I did other certs in between so I wasn't just idle, which I find is always good. I start a new job on 1 May so I doubt I will get any time off from new employer to prepare for my exam so good-bye to weekends once again ***SIGH***
I feel like I am running out of time because I only received the CISM Review Manual a few days ago, but I am determined to study hard and sit the exam in June. My study strategy: I am going to nut out the Review Manual for the next couple of weeks. I am hoping to be done with at least the 1st domain and may be half of the 2nd domain by the end of this coming weekend. I have a bunch of NIST publications that I believe are useful for CISM so I shall be referencing those throughout my studies.
I am hoping to have purchased the Q&A software download by the end of April, this will give me a solid month of practice questions. By the end of May, I should be mixing it up, Review Manual and Q&A. I will be adjusting my strategy as I go dependent on the progress I will be making with the NIST publications and the Review Manual.I found with the paper book I had to keep covering each answer as I moved along so I wouldn't see the answer before choosing my own answer. I also didn't like how all domains are separated so you aren't getting a good mix of questions.
This the reason why I am going straight for the software download, I learnt this when I was doing my CISA prep, I would find myself cheating sometimes so I purchased the software download and managed to make progress. I am not taking any chances this time. -
zxbane Member Posts: 740 ■■■■□□□□□□Moyondizvo,
Glad to see I am not the only one here pursuing the June CISM! It will be nice to have someone else to collaborate with during studies leading up to the exam. Your study plan sounds solid and having the CISA already gives you some comfort with the ISACA testing style. I've finished my first read through of the Review Manual and have been hitting the Q&A hard a little every day and I find it is extremely useful for drilling in key concepts and terms.
Feel free to PM me if you'd like! -
moyondizvo Member Posts: 155I know for a fact that there are more people sitting the CISM exam on this forum, some people just find it more comfortable to be a lurker, read other people's experiences whilst polishing up on their own strategies ... I used to a lurker so I know how they operate ...lol ... Have you found any domains or topics to be challenging so far?
-
zxbane Member Posts: 740 ■■■■□□□□□□Nothing wrong with lurking, I've been there myself!
Honestly I haven't found any of the domains particularly challenging, I seem to score the lowest in IS Program Development and Management and highest in Incident Management so far. I've been pulling 50Q quizzes from all 4 domains and I am averaging around 80% for now. The most frustrating part so far has been some conflicting definitions and stances on topics. One question will lead you down one path of reasoning and another covering the same topic might take you in a different direction and conflict with the first. This isn't very often though and I must say the ISACA material has been solid so far, hopefully it is the best available study resource for the exams as most people say.
I plan to register for the June CISM today since the deadline is April 11th -
spena Member Posts: 31 ■■□□□□□□□□Was about to register for the June 2014 exam but there too many personal stuff happening within the next two months so I will join the Sept 3 Exam Club. I passed CISSP exam back on March 2013 which took me around 3 to 4 months of studying so the Sept date is perfect for me.
Reading this thread, the mandatory materials I need to purchase for this exam are the CISA Handbook, Q&A and the CD Question Bank. Any other recommended reading? Also is it still a paper/pencil exam?
edit:
coworker is lending me the Review Manual 2013, is that okay to use for the 2014 exam? -
zxbane Member Posts: 740 ■■■■□□□□□□Spena, sorry to hear that but I am sure you will do great in September!
As far as materials I would honestly skip the Q&A paperback book and go straight for the CD or database download due the reasons I stated above. The paperback makes it to where you have to use a piece of paper or something similar to block the answers as you go along through the questions because the answers are right below the questions. Also, the questions are separated by domain so you can't pull a mix of questions like you can from the CD or Database.
Long story short, go for the CD or DB and save yourself the money from the paperback Q&A. I am however using the paperback review manual though -
MelanieWatson Member Posts: 11 ■□□□□□□□□□Hey,
I would suggest using the official CISM resources, such as the Manual (2014) and the QAE (2014). They're published by ISACA and include 815 multiple choice questions, so you can make sure you're ready for the exam!
Both can be bought together in the CISM Exam Passport: CISM Exam Passport -
certman321 Registered Users Posts: 1 ■□□□□□□□□□Hi! One question!! Though i know its very late for this question! I am already CISA certified and I am working as a Systems auditor. I have already registered for the CISM examination. Do you think I will be able to certify after passing the exam?? Like I don't do anything security related..
-
moyondizvo Member Posts: 155certman321 wrote: »Do you think I will be able to certify after passing the exam?? Like I don't do anything security related..
Wadddduuupppp certman321 ... You can sit the CISM exam at any time, however to certify according to ISACA you need the following:
1) Successfully pass the CISM exam.
2) Adhere to ISACA's Code of Professional Ethics.
3) Agree to comply with the Continuing Education Policy.
4) Work experience in the field of information security.
5) Submit an Application for CISM Certification.
I find that a lot of people fall short on the work experience "Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam." There are experience substitutions of which you qualify as a result of your CISA, refer to the ISACA website.
In my opinion and more importantly according to a lot of security resources, Systems auditing is a huge facet of information security. Information Assurance is now a big thing. Remember this, if you don't have the required work experience, you have 5 years from the date of passing the exam to get it. Hope this helps. -
rob1234 Banned Posts: 151moyondizvo wrote: »Wadddduuupppp certman321 ... You can sit the CISM exam at any time,
No you can't. -
zxbane Member Posts: 740 ■■■■□□□□□□Rob, I think moyo was being sarcastic since the individual mentioned they don't do anything security related.
-
pappyT Member Posts: 24 ■□□□□□□□□□Spena, sorry to hear that but I am sure you will do great in September!
As far as materials I would honestly skip the Q&A paperback book and go straight for the CD or database download due the reasons I stated above. The paperback makes it to where you have to use a piece of paper or something similar to block the answers as you go along through the questions because the answers are right below the questions. Also, the questions are separated by domain so you can't pull a mix of questions like you can from the CD or Database.
Long story short, go for the CD or DB and save yourself the money from the paperback Q&A. I am however using the paperback review manual though
I'm also sittin for the June exam, and I am doing the same: using the paperback CISM review manual, and the CD of the practice questions. -
zxbane Member Posts: 740 ■■■■□□□□□□I'm also sittin for the June exam, and I am doing the same: using the paperback CISM review manual, and the CD of the practice questions.
Good to hear there is someone else out there pursuing it as well. How are you finding the studies so far?
Also does anyone know of any active discussion sites or blogs etc regarding the CISM? This section of TE doesn't seem to get much attention.
I am planning to re-read the Review Manual one more time as June gets closer but for now I am just doing 30-60 practice questions a day to keep the information fresh. I seem to have it down for the most part and just get hung up on a handful of questions usually. -
JoJoCal19 Mod Posts: 2,835 ModAlso does anyone know of any active discussion sites or blogs etc regarding the CISM? This section of TE doesn't seem to get much attention.
I'd like to know this too. The section for CISM at CCCure is also pretty dead.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
pappyT Member Posts: 24 ■□□□□□□□□□well, having done the GSLC last year, I see a lot of overlap as far as concepts, and so on. I think couple of things strike me as where my problems may come up.
1. the 'domains' which don't necessarily (at least from what I can tell) line up with either the way GIAC presents it, or with the ISC2 (CISSP) study materials i've looked through. so knowing the 'book' answer for CISM vs. my practical experience and my other research studies.
2. the practice tests/questions/exams so far. To me, it looks like a lot more of the " some answers are MORE right than others " as far as the questions. That will be again, for the same reasons listed in #1, make it more difficult for me I think.
as far as community/discussion about he exam, there is 'some' discussions on the official ISACA site.... http://www.isaca.org/Groups/Professional-English/cism-exam-study-community-2013/Pages/Overview.aspx -
zxbane Member Posts: 740 ■■■■□□□□□□Thanks for the link pappyT, I will swing over there and see if there is any useful information. There doesn't seem to be much of a interest in the CISM as I see from online sites/forums which is surprising since I see a decent amount of jobs listing it as a requirement or desire
-
nathan_drake Registered Users Posts: 4 ■□□□□□□□□□Hi, All,
I took the CISM exam in 2013 December and I didn't make it. Here are the steps that I’ve taken to prepared for 2013 December exam (but still failed – but very close to passing).
I started studying for the exam Early September 2013.
I read the CISM Manual book. But, I had trouble concentrating the contents since it was supper dry. I was able to complete the book, but I couldn’t understand most of the concepts. It is pointless to read the book many times without understanding the concepts.
I did the questions database. That was useful, since it helps you to focus. However, I did the questions almost on a daily basis for three months. First I was making lots mistakes, then, gradually scores started to improve. Before the exam, I was scoring 90%. Then I realized that I was scoring high, because, more I do the questions, the answers starts to store in my memory (subconsciously I was memorizing the answers instead of grabbing the concepts).
So, I wasted three a half months of study without understanding most of the concepts. It is very important to understand the concepts.
This my new study plans for the June exam:- Read the books and take small notes. Specially, write the section title and a one line summary about the sections. This will give me a big picture about the entire chapter and what it contains.
- Do the CD questions. But, if the answer is right, then find out why you are right. If you are wrong, find out why you were wrong, what sort of thinking brought you a wrong answer. Figure out that what sort of thinking will bring you the right answer. Always remember, this exam is a concept based exam. Mostly, they want to know that how you would react and make decision in the real world situation using your common sense without disrupting business and while remediating or dealing with the security issues when things go wrong.
- I’m also going to register with CBT Nugget videos to see whether I can grab anything useful (summary of these chapters and concepts).
- Most importantly, getting a support from the other CISM exam writers is critical so you don’t feel left out and loose motivations. It’s very easy to lose motivation when you are studying for these kinds of dry subjects.
- Chapter courses are not available in my area. One day practical exam course is catered by the local chapter for $100. I’ll be taking that as well.
CISA and CISSP have lots of training courses and resources for studying. CISM doesn’t many of those.
Good Luck Guys.
Remember this: It’s all about resolving the security matters without disrupting or impacting the business. -
nathan_drake Registered Users Posts: 4 ■□□□□□□□□□Can anyone able to summarize the chappter-3 in less than half a paragraph using the key concepts found in Chapter-3 ?