CISM

GoodBishopGoodBishop Posts: 359Member
Greetings.

I just signed up for the CISM exam (today's the deadline!), do you all have any thoughts as to what books I should read for the exam?

And do you have any thoughts as to what I should do when I get the certification, or how should I leverage that into either getting a different job or a raise?
«1

Comments

  • lopezcolopezco Posts: 38Member ■■□□□□□□□□
    I signed for CISM too and I am using CISM review Manual 2007 and CISM questions and answers database 2007.

    I found useful the information. This certification focuses in a high level managerial approach.
    If you do not have managerial security experience first you wont get the certification and probably won't add the value you expect.
    DAL
    "If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees." — Kahlil Gibran
  • fyeqfyeq Posts: 4Member ■□□□□□□□□□
    Hi,

    Can one of you forward me

    MODERATED

    .i would be really greatful.

    Thank you
  • sprkymrksprkymrk Posts: 4,884Member
    Wrong place to ask for warez friend. icon_rolleyes.gif
    All things are possible, only believe.
  • fyeqfyeq Posts: 4Member ■□□□□□□□□□
  • AhriakinAhriakin SupremeNetworkOverlord Posts: 1,800Member ■■■■■■■■□□
    Warez = Unethical, Illegal
    This forum = Security
    =>> Warez+This Forum = 0 + Irony

    Not that it has a place on any, just funniest of all here ;)
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • fyeqfyeq Posts: 4Member ■□□□□□□□□□
    hahahahhahaha.....now u guys are making me guilty...but the harsh truth of having the dough to give certification exams and examination is not feaseble for every1....even though i am asking for a Q&As database for a security(irony) certification...i should be abiding certain codes and ethics icon_rolleyes.gif
  • SchluepSchluep Posts: 346Member
    fyeq wrote:
    hahahahhahaha.....now u guys are making me guilty...but the harsh truth of having the dough to give certification exams and examination is not feaseble for every1....even though i am asking for a Q&As database for a security(irony) certification...i should be abiding certain codes and ethics icon_rolleyes.gif

    If you have the intelligence to make use of such information then you certainly have the capability to pass the examination. The cost of the exam can also be earned by anyone. I know an 11 year old girl that started a jewelry business and made $2,500 in a few months while attending grade school to purchase a pet dog and dog house (or dog hotel with everything she put in it, including heat and room to fit inside with the dog). If she can do that with very little help from her parents then I have no doubt you could find a way to do the same. Figure a way to earn some extra money to be set aside specifically for your certification and any study materials you need to purchase, then go ahead and do it.

    If you don't deserve and haven't earned a certification, then you should not be able to put it by your name.

    You are no less qualified than any of us, but we are choosing to earn our certifications the honest way. Not only will you be of more value to your clients/employer if you learn the information and earn your certification, but you will build a lot more character in the process.
  • fyeqfyeq Posts: 4Member ■□□□□□□□□□
    ok guys....thanks alot ....i learned my lession i will never ask for practice exams frm security professionals!! ..................... but there is no harm in sharing information for the sake of education...thats how i think...every1 has his/her own school of thought...this conversation wont change my opinion on sharing information for the sake of education....i belief its different than piracy of software (warez)....i dont want to spur any controversy or upset any1...just forget if i ever asked for the Q&As database and stay happy :)
  • BeaverC32BeaverC32 Posts: 671Member
    For the sake of education? You're requesting a copy of Q+A's to the exam...aka you want to ****. How about learning the material through legit sources like the rest of us?
    MCSE 2003, MCSA 2003, LPIC-1, MCP, MCTS: Vista Config, MCTS: SQL Server 2005, CCNA, A+, Network+, Server+, Security+, Linux+, BSCS (Information Systems)
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,383Admin Admin
    fyeq wrote:
    hahahahhahaha.....now u guys are making me guilty...but the harsh truth of having the dough to give certification exams and examination is not feaseble for every1....even though i am asking for a Q&As database for a security(irony) certification...i should be abiding certain codes and ethics icon_rolleyes.gif
    "I can't afford that 50" plasma TV so that should give me the right to steal it." Lotsa people rationalize that one.

    He seems to think that certifications are a necessity, like healthcare, and therefore he has a right to steal what he "needs." I certainly don't want any InfoSec people in my organization whose first solution to a problem is theft.
  • sprkymrksprkymrk Posts: 4,884Member
    fyeq wrote:
    ok guys....thanks alot ....i learned my lession i will never ask for practice exams frm security professionals!! ..................... but there is no harm in sharing information for the sake of education...thats how i think...every1 has his/her own school of thought...this conversation wont change my opinion on sharing information for the sake of education....i belief its different than piracy of software (warez)....i dont want to spur any controversy or upset any1...just forget if i ever asked for the Q&As database and stay happy :)

    We believe 100% in sharing information, but we don't believe in violating copyright laws or franchise laws to do it. Someone else took the time and effort to write a book or create practice exams, they deserve to be compensated just the same as if they were farmers growing crops or a mechanic repairing our car. To say that you can't afford them, therefore the creator or owner should not be paid for the material they worked hard to create, is the same as saying the mechanic should fix your car for free because you can't afford it.

    If you have specific questions or scenarios you would like help with, we will be more than happy to "share" our knowledge and opinions with you. We will not send you pirated material that is protected by copyright or franchise laws.

    'Nuff said... I hope.
    All things are possible, only believe.
  • justus1justus1 Posts: 85Member ■■□□□□□□□□
    I am thinking about taking the CISM exam in June '08. All that I have seen out there for study materials are the Official Review Manual ($100) and there are mixed reviews for the materials listed on amazon. Anyone out there have any good tips? Thank you.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,383Admin Admin
    The CISM Forums at cccure.org has a few mentions for books, but there don't seem to be any online CISM practice tests. Most of the recommendations are to use the official ISACA book and the CISSP study materials.
  • justus1justus1 Posts: 85Member ■■□□□□□□□□
    Thanks JD, always coming through. I guess it is time to drop the 100 bones for the official guide.
  • justus1justus1 Posts: 85Member ■■□□□□□□□□
    My office just got a copy of the 2007 review manual. I haven't taken the exam yet, but I was wondering if any of those CISMs out there would recommend getting the 2008 since I am going to take it next June? If the information doesn't change too much (in your opinion) then I will just plug along with what I have here. Thank you.
  • keatronkeatron Posts: 1,208Member ■■■■■■□□□□
    JDMurray wrote:
    fyeq wrote:
    hahahahhahaha.....now u guys are making me guilty...but the harsh truth of having the dough to give certification exams and examination is not feaseble for every1....even though i am asking for a Q&As database for a security(irony) certification...i should be abiding certain codes and ethics icon_rolleyes.gif
    "I can't afford that 50" plasma TV so that should give me the right to steal it." Lotsa people rationalize that one.

    He seems to think that certifications are a necessity, like healthcare, and therefore he has a right to steal what he "needs." I certainly don't want any InfoSec people in my organization whose first solution to a problem is theft.

    Yes JD, and if you find a e-commerce site that has un-protected hidden fields in their forms, you can get that Plasma for 35 bucks instead of $3500.icon_wink.gif

    But to fyeq, everything the guys have told you is right on point. Passing the exam worth less than the paper the cert is printed on if you only **** through the study process. I'll probably sit the CISM sometime in the first quarter of next year, and few people here have already sat it. So you can certainly get help here if you ask the right questions (Hint: asking to help you **** is definitely NOT the right question). To date, I haven't seen or heard of anything more complete than the official review guide. There's simply just not that much material out there for this exam. It doesn't have nearly the popularity of say the CISSP.

    Keatron.
  • lopezcolopezco Posts: 38Member ■■□□□□□□□□
    BeaverC32 wrote:
    For the sake of education? You're requesting a copy of Q+A's to the exam...aka you want to ****. How about learning the material through legit sources like the rest of us?

    That is not cheating.
    It is a product sold by ISACA and It is to practice, check what are your weak points, and also some concepts are enforced with the explanation provided.
    DAL
    "If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees." — Kahlil Gibran
  • lopezcolopezco Posts: 38Member ■■□□□□□□□□
    justus1 wrote:
    I am thinking about taking the CISM exam in June '08. All that I have seen out there for study materials are the Official Review Manual ($100) and there are mixed reviews for the materials listed on amazon. Anyone out there have any good tips? Thank you.

    I will take the CISM test next saturday and I have only studied CRM07 and Database Q&A from ISACA.
    I did the same for CISA and worked fine.
    I have to say I feel too much confidence in passing this exam, and I have not studied hard (which is a mistake).
    I hope I will do ok
    DAL
    "If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees." — Kahlil Gibran
  • sprkymrksprkymrk Posts: 4,884Member
    lopezco wrote:
    BeaverC32 wrote:
    For the sake of education? You're requesting a copy of Q+A's to the exam...aka you want to ****. How about learning the material through legit sources like the rest of us?

    That is not cheating.
    It is a product sold by ISACA and It is to practice, check what are your weak points, and also some concepts are enforced with the explanation provided.

    You're right, but asking for a free copy of a copyrighted product is called pirating, which is just as big a no-no as cheating, and it's especially ironic that someone who wants to get into the IT securtity field wants to start off by asking for warez (illegal copies).

    sprkymrk wrote:
    'Nuff said... I hope.
    I guess I should have known better than to "hope" I had already said enough. icon_rolleyes.gif
    All things are possible, only believe.
  • dynamikdynamik Posts: 12,314Banned ■■■■■■■■□□
    sprkymrk wrote:
    I guess I should have known better than to "hope" I had already said enough. icon_rolleyes.gif

    Since you obviously want this thread to continue it's downward spiral into madness, and because I just can't get enough of your posts, I'm going to play devil's advocate icon_twisted.gif

    When I was 16-17, I came across Photoshop. There was no way I could afford that, so I acquired it another way (via IRC, not this p2p bs that exists nowadays). Anyway, with the skills I acquired over the next 18 months, I was able to start my own web design business. I got pretty steady work right off the bat, and the first few thousand dollars I made went right to Adobe and Macromedia. I eventually abandoned the business when I got married because I wanted a more steady flow of income, but to this day, my web design-on-the-side provides the extra money for all my training resources. Was a kid pirating a copy of Photoshop for personal use worth thousands to numerous companies later on?

    I know this doesn't really generalize to IT training since most people will not go back and purchase the training resources after they pass the exams and get a job, but the point I want to make is that it's easy for those of us with decent jobs/life situations to generalize our position to others. It's a different story for those less fortunate. It would be easy for me to criticize some 19 year old with a kid, and tell him to get another job to pay for his training. However, maybe it would be better if he just got off to a good start immediately, so he could be more productive sooner. I think it's a gray-area, and I'm not necessarily saying that it's acceptable behavior even under those circumstances. Nor am I defending the guy who started this discussion, his room-temperature IQ, or the person who decides to purchase a Wii instead of training resources. I just wanted to offer a different perspective and suggest that we don't judge others so hastily.
  • SchluepSchluep Posts: 346Member
    dynamik wrote:
    sprkymrk wrote:
    I guess I should have known better than to "hope" I had already said enough. icon_rolleyes.gif

    Since you obviously want this thread to continue it's downward spiral into madness, and because I just can't get enough of your posts, I'm going to play devil's advocate icon_twisted.gif

    When I was 16-17, I came across Photoshop. There was no way I could afford that, so I acquired it another way (via IRC, not this p2p bs that exists nowadays). Anyway, with the skills I acquired over the next 18 months, I was able to start my own web design business. I got pretty steady work right off the bat, and the first few thousand dollars I made went right to Adobe and Macromedia. I eventually abandoned the business when I got married because I wanted a more steady flow of income, but to this day, my web design-on-the-side provides the extra money for all my training resources. Was a kid pirating a copy of Photoshop for personal use worth thousands to numerous companies later on?

    I know this doesn't really generalize to IT training since most people will not go back and purchase the training resources after they pass the exams and get a job, but the point I want to make is that it's easy for those of us with decent jobs/life situations to generalize our position to others. It's a different story for those less fortunate. It would be easy for me to criticize some 19 year old with a kid, and tell him to get another job to pay for his training. However, maybe it would be better if he just got off to a good start immediately, so he could be more productive sooner. I think it's a gray-area, and I'm not necessarily saying that it's acceptable behavior even under those circumstances. Nor am I defending the guy who started this discussion, his room-temperature IQ, or the person who decides to purchase a Wii instead of training resources. I just wanted to offer a different perspective and suggest that we don't judge others so hastily.

    I think I could play this game successfully. What if that copy of Photoshop you didn't purchase along with millions of others who didn't purchase it originally cost Adobe so much that they skipped developing several new projects in planning that would have employed hundreds of workers people, created a stronger foothold for the company, and allowed these new and innovative software products to save business across the world substantial amounts of money by using them over less efficient methods that existed. I don't think they would find it worthwhile to have gotten a few thousand dollars down the road at that cost. The problem with the devil's advocate concept is that it could go on forever. We will never truly understand all of the possible ramnifications of our actions. We have all heard stories from people who almost committed suicide but changed their mind because someone said "Hello" to them in passing. How many people haven't we said "Hello" to enough lately? I have said "Hello" to thousands of people, but did any truly have an impact?

    Since we can never truly know the outcome of our actions even if they may seem justifiable, the grey area could seemingly exist with even things that are cut and dry. The only thing we can go by is either Right of Wrong. I believe theft is wrong, regardless of the circumstance. For some reason a lot of people justify theft of intellecual property believing it does not hurt anyone, when it actuallity it does.

    To go back to the Photoshop example, a 16 or 17 year old could:

    A. Work an extra job and save the earning specifically for Photoshop.
    B. Start a part time business of some sort with an area you are competant in, be it computer repair, sales, or something else.
    C. Find relatives or neighbors willing to pay for some type of service you perform and compensate you for your time with the goal of putting it towards Photoshop to be used in starting your own web design business.
    D. Last resort would be something I don't normally suggest, but with the intent to start a profitable business you could borough money for the tools you need to do so.

    Just because it couldn't be afforded at the time doesn't mean it isn't possible to make a way to afford it.

    dynamik wrote:
    I just wanted to offer a different perspective and suggest that we don't judge others so hastily.

    It isn't about judging people or insinuating they are not good people, but about offering suggestions about making ethical choices. Stealing such material typically breaches contractual agreements consented to by the originally purchasers of the products and often involves the breaking of laws for one or both parties. It isn't about judging, but about not assisting someone in making what many of us believe to be a wrong decision.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,383Admin Admin
    dynamik wrote:
    Was a kid pirating a copy of Photoshop for personal use worth thousands to numerous companies later on?
    You need to decide if the ends justify the means. In your case, you performed a common, unethical action and it resulted in positive and productive consequences. You also need to consider what this sort of action says about your personal character, and how your actions shape your own conception of right and wrong.
  • sprkymrksprkymrk Posts: 4,884Member
    dynamik wrote:
    Was a kid pirating a copy of Photoshop for personal use worth thousands to numerous companies later on?

    Maybe the software would have been affordable to a 17 year old kid in the first place if the company didn't have to inflate prices due to pirating.

    If I can't afford a wide screen TV, but I steal one, is it okay as long as I then pay for cable TV subscriptions later?

    If you read my post, I was pointing out that neither cheating nor pirating are acceptable behaviors of potential IT security professionals.
    All things are possible, only believe.
  • dynamikdynamik Posts: 12,314Banned ■■■■■■■■□□
    Wow. Sorry guys. I just meant to joke around with sprkymrk a bit. I didn't mean to elicit such a strong backlash.

    I actually agree with the points you all make. I'm well aware of the amount of work that goes into software development and creating training materials, and I enjoy supporting the companies who make these great products.

    At the root of it, I know some people struggling to create better lives for themselves while others squander their opportunities. I think a little of that unrelated frustration subconsciously bubbled to the surface and made that post a little more serious than it was intended to be. Again, I apologize for inconvenience.

    BTW, that's a interesting link JD -- thanks for sharing.
  • SchluepSchluep Posts: 346Member
    dynamik wrote:
    Wow. Sorry guys. I just meant to joke around with sprkymrk a bit. I didn't mean to elicit such a strong backlash.

    I actually agree with the points you all make. I'm well aware of the amount of work that goes into software development and creating training materials, and I enjoy supporting the companies who make these great products.

    At the root of it, I know some people struggling to create better lives for themselves while others squander their opportunities. I think a little of that unrelated frustration subconsciously bubbled to the surface and made that post a little more serious than it was intended to be. Again, I apologize for inconvenience.

    BTW, that's a interesting link JD -- thanks for sharing.

    Don't apologize. There may be some people on these boards considering either cheating on an exam or using pirated material to prepare for their exam that may change their mind as a result of reading these posts. Perhaps some of them justified doing so to themselves using the logic you presented as a joke and might have second thoughts now. The "strong backlash" wasn't directed at you, but at idea of people justifying such actions.

    Of course most all of us feel for those who are struggling financially and working to try and create a better life for themselves and those entrusted to their care. I think we all agree that we can't help everyone, but teaching them to steal would not be helpful.
  • sprkymrksprkymrk Posts: 4,884Member
    Wow. Sorry guys. I just meant to joke around with sprkymrk a bit. I didn't mean to elicit such a strong backlash.

    I didn't mean to sound harsh, no offence was taken. However, you know you made a really good post when you can get 3-4 replies in such a short time. :)

    I can say "ditto" to Schluep's post above.
    All things are possible, only believe.
  • dynamikdynamik Posts: 12,314Banned ■■■■■■■■□□
    Oh, I didn't think anyone was harsh. I think I was just expecting more philosophical responses, like JD's; not all this doom and gloom icon_eek.gif

    Apparently, this is quite a touchy subject icon_lol.gif
  • lopezcolopezco Posts: 38Member ■■□□□□□□□□
    sprkymrk wrote:
    You're right, but asking for a free copy of a copyrighted product is called pirating, which is just as big a no-no as cheating, and it's especially ironic that someone who wants to get into the IT securtity field wants to start off by asking for warez (illegal copies).
    Agree, I thought was refering to using Q&A.
    DAL
    "If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees." — Kahlil Gibran
  • lopezcolopezco Posts: 38Member ■■□□□□□□□□
    GoodBishop wrote:
    Greetings.

    I just signed up for the CISM exam (today's the deadline!), do you all have any thoughts as to what books I should read for the exam?

    And do you have any thoughts as to what I should do when I get the certification, or how should I leverage that into either getting a different job or a raise?

    I took the test yesterday, I found it harder than I was expecting.
    I hope I passed, good luck to all who sat in CISA and CISM exam yesterday!
    DAL
    "If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees." — Kahlil Gibran
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,383Admin Admin
    Can you give us a non-detailed review of the exam itself, and you opinions on preparation and expectations?
Sign In or Register to comment.