CISM Prep Material

tomres Member Posts: 4
Hi,

Having passed the CISSP, thought CISM would be a good next step.
I was trying to find a sticky note about prep material for CISM on this forum, but could not find one.
Is someone able to guide me on what materials are recommended?

For example, there is the ISACA official guide and QAE book on Amazon - but both books are from 2016...that's 4 years old now - is there an upgrade?
(h**ps://www.amazon.com/CISM-Review-Manual-15th-Isaca/dp/1604205083/ref=sr_1_4?keywords=CISM&qid=1585126921&sr=8-4)
(h**ps://www.amazon.com/CISM-Review-Questions-Answers-Explanations/dp/1604205059/ref=sr_1_2?keywords=CISM&qid=1585126921&sr=8-2)

There is also the All-in-One book bundle, which is half the price, and more recent (2019).
(h**ps://www.amazon.com/Certified-Information-Security-Manager-Bundle/dp/1260459004/ref=sr_1_1?keywords=CISM&qid=1585126921&sr=8-1)

What about some other sample exams? Boson?
Is there an 11th Hour book?
CISM Pocket Prep any good?
What about the Essential CISM Quiz book? (h**ps://www.amazon.com/Essential-CISM-Exam-Quiz-Updated/dp/B07CY9TKGB/ref=sr_1_11?keywords=CISM&qid=1585126921&sr=8-11)

Any advice would be highly appreciated.

Many thx
Tom

Comments

  • E Double U Member Posts: 1,697
    Most people (myself included) just used the official material from ISACA. I passed in 2017 using only the review manual and QAE database. 
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, etc

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • scasc Member Posts: 287
    Agreed - I only used the Q&A material. Most people I know have used just this or the official review book too in order to grasp the material better (if required).
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GCCC, CEH, ECSA, CHFI, TOGAF, CISMP
  • tomres Member Posts: 4
    much obliged, thank you
  • bigdogz Member Posts: 847
    The Official guide and the Q&A book are all you need to pass the exam.
  • Info_Sec_Wannabe Senior Member Posts: 400
    What they said.

    Also, any reason for tackling CISM (given that you already have CISSP)?
    Three year plan: (2018) CISSP [X] and eJPT [ ]; (2019) eCPPT [ ]; (2020) OSCP [ ]
  • tomres Member Posts: 4
    Info_Sec_Wannabe said:
    What they said.

    Also, any reason for tackling CISM (given that you already have CISSP)?

    Good question.

    My thinking was - it would be a good idea to have a 'management' type exam behind the belt in order to be considered for any CISO type roles?
    Having a good balance between technology and business would give one a better chance?

    Of course there is now the 'security MBA' which might be a better one to focus on...

    What have you heard?
  • DZA_ Untitled. Member Posts: 438
    tomres said:
    What they said.

    Also, any reason for tackling CISM (given that you already have CISSP)?

    Good question.

    My thinking was - it would be a good idea to have a 'management' type exam behind the belt in order to be considered for any CISO type roles?
    Having a good balance between technology and business would give one a better chance?

    Of course there is now the 'security MBA' which might be a better one to focus on...

    What have you heard?
    Hi Tomres,

    There are actually a couple of factors involved that generally allow an individual to be considered for a CISO role (depending on size of org):

    - Whether you have a post-graduate degree in an MBA or masters in cybersecurity (executive roles tend to favour people with higher education)
    - Having a security management certificate under your belt would be beneficial to solidify your working knowledge and experience
    - Having a good sense to translate business to technical language, vice versa
    - Understanding how to manage large teams and multiple teams geographically and so on
    - Being influential in your organization.

  • tomres Member Posts: 4
    Hi,

    To comment on those:

    - Whether you have a post-graduate degree in an MBA or masters in cybersecurity (executive roles tend to favour people with higher education)
    Yes, I am also planning to do an MBA (security slant now available) or a Masters in Cyber Sec.

    - Having a security management certificate under your belt would be beneficial to solidify your working knowledge and experience
    Isn't this where the CISM is a good fit? Unless you can recommend an alternative?

    - Having a good sense to translate business to technical language, vice versa
    Luckily I have been in a role for years that allows me to do this, and gain experience.

    - Understanding how to manage large teams and multiple teams geographically and so on
    Have had small teams in the past, will have to look at opportunities for growth.

    - Being influential in your organization.
    Yep, agreed.

    Hence I thought I'd knock out CISM, since my CISSP knowledge is still fresh. Straight afterwards, move to MBA or Masters CyberSec.
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,729
    There are very few choices for InfoSec management certifications: CISSP-ISSMP, CISM, GSTRT, and CCISO.

    The ISSMP is the logical follow-up after getting the CISSP, CISM has the most industry recognition, GIAC has only the one management cert at the moment (for SANS MGT514), and the EC-Council cert is approved by the US DoD--as are the CISM and CISSP-ISSMP--but I haven't heard much else that's good about it.
  • scasc Member Posts: 287
    SANS also have GSLC - though from what I have read I believe this may be more for the entry level info-sec officer. You may find that if you ever do CISSP-ISSMP, the best prep for this is in actual fact the CISM Q&A. Have had this confirmed from a number of people, though it's a very unpopular cert (a hit on LinkedIn did not exactly set the world alight). However, appreciate different reasons to do a cert and not necessarily based on the hits you get.
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GCCC, CEH, ECSA, CHFI, TOGAF, CISMP
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 11,729
    The GSLC might be the cert for a SANS management course but it's hardly a real management cert compared to the others.