CISM In June 2014
Comments
-
zxbane Member Posts: 740
Nathan,
Thanks for the honest and thorough review, sorry to hear you didn't make it last time but hopefully you will this time, as well as the rest of us taking it!
I agree there aren't an abundant amount of resources out there and it is easy to get burnt out studying if you started too soon, I am experiencing this myself and just wish I could test at this point. I also find myself memorizing a lot of the questions even though the CD contains 900 or something wild. Luckily most of the time it is also true that I understand the concepts and reasoning for an answer being correct.
I plan to buckle down on the review questions the closer it gets to exam day.
Could you give us any insight into what other certifications you hold, your work experience, why you are pursuing the CISM etc?
-
nathan_drake Registered Users Posts: 4
I'm involved in performing security reviews. CISM will be my first cert. But I got tech work exp & tech degree.
zxbane,
An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?
- review the access procedure
- or find out the business needs
What's the right answer? And WHY?
-
zxbane Member Posts: 740
I see where you are going with the question, from my experience with the ISACA practice question manual I would say find out the business needs and then adjust the access needs accordingly. A frequent theme I see in the questions as well is to assess the risk prior to discussing it with management etc. to quantify the risk certain activities such as access for an entire department pose.
-
nathan_drake Registered Users Posts: 4
Great. You got it right. But I didn't and here is why.
In real life situations, when this happens, the first thing I want to do is to check the procedure to see what was documented. If the document is OK, then I would look for any exceptions that are granted based on any business needs. Without checking the procedure document, if I go look for an exception or discuss with the management why the access was granted to everyone, then I may look stupid if management asks me whether I have checked the document to see the updated access procedure information (in case the procedure document is updated with new access requirements that indicate everyone requires role-based access due to the nature of the business).
But, I’m trying to understand this from ISACA’s way. Maybe, not everyone should have role-based access. But, if everyone does have role-based access in a well-established organization (if they have policies and procedures, then I’m assuming this can be a well-established organization), then it must have been for an important reason. So don’t bother looking at the procedures and go ahead and have a chat with the management and find out what’s happening.
Or maybe ISACA wants us to read the procedure first and then find out who has role-based access. If we find out that everyone has role-based access, then we should have a chat with the management to find out the business needs.
Whether it’s ISACA’s way or real world scenarios, we need to understand ISACA’s thought process for selecting their final answers.
I know I’m going deep here. But, would you blame me?
-
Artemisa Member Posts: 15
I also took CISM in December and didn't pass it. Like you, I'm concentrating on the concepts as I am starting to memorize the questions.
-
zxbane Member Posts: 740
Sorry to hear that Artemisa, do you plan to re-test in June?
Anyways, almost down to the 30 day mark. I have begun re-reading the Review Manual for one final pass through and still doing 30-60 practice questions a day. As it gets closer to the final two weeks before the exam I plan to do at least a couple 200 Question practice runs as well using the Q&A CD.
I know this section doesn't get much attention but anyone else testing in June feel free to chime in!
I have also found myself memorizing some questions but not in a bad sense necessarily, like when I see a specific phrase or concept I know that it will relate to another, that type of thing.
-
Artemisa Member Posts: 15
Yes, I am planning to re-test in June. Like you, I have memorized some of the phrases or concepts. I am actually going through the RM as I am doing the Database questions. Also I am reading the glossary to understand the terms and concepts. I think that was my problem last time, not knowing the terms. Hopefully this time around I will be better. Let's hope.
-
TripleDES Member Posts: 10
Hello all,
I passed the CISSP on 5/14 leaving me with 30 days to study for the CISP. I hope there is some carryover in material as the CISSP information is still very fresh in my mind.
-
Nanz Registered Users Posts: 2
Hi All,
I am also taking CISM on 14th June. I bought both the Review Manual and the Questions Software - and I haven't been able to read the Review Manual at all. It's got to be the most sleep-inducing book of all time. Not a single example and not a single real-life situation! It just goes on-and-on with theoretical concepts. This exam is giving me the jitters... I think CISSP was a breeze. At least the books were interesting!
The Questions are helpful though, so just relying on that.
Best of luck folks!
Cheers!
-
zxbane Member Posts: 740
Just wanted to say good luck to everyone tomorrow! Now we play the waiting game to see how we all did..
-
pappyT Member Posts: 24
Same to you!.... that will be the hard part, initial feeling of relief, followed by several weeks of hope, denial, optimism, self-doubt, and so on in store for us before we get the good news!
-
Artemisa Member Posts: 15
The test didn't seem that hard but who knows how I did. There were a few questions that didn't fit in. One about transborder flow, inherent risk with the rules. I am not sure how I answered those. Hope I passed this time. Good luck all.
-
Artemisa Member Posts: 15
Yes I did get the results and didn't pass again. I was better this time though. My weakest parts were Risk and the Security one. Will try one more time in December.
-
levster Member Posts: 18
Hi All,
I took the September CISM exam. Now the waiting game begins.
Good Luck to all that took the exam.
Cheers,
Levster